[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
in-addr.arpa server problems for europe?
Michelle Sullivan wrote:
> Stephane Bortzmeyer wrote:
>
>> On Mon, Feb 15, 2010 at 10:22:17AM +0100,
>> Michelle Sullivan <michelle at sorbs.net> wrote
>> a message of 185 lines which said:
>>
>>
>>
>>> 213.in-addr.arpa. 86400 IN NS NS-PRI.RIPE.NET.
>>> 213.in-addr.arpa. 86400 IN NS NS3.NIC.FR.
>>> 213.in-addr.arpa. 86400 IN NS SUNIC.SUNET.SE.
>>> 213.in-addr.arpa. 86400 IN NS SNS-PB.ISC.ORG.
>>> 213.in-addr.arpa. 86400 IN NS SEC1.APNIC.NET.
>>> 213.in-addr.arpa. 86400 IN NS SEC3.APNIC.NET.
>>> 213.in-addr.arpa. 86400 IN NS TINNIE.ARIN.NET.
>>> ;; Received 224 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 20011 ms
>>>
>>> ;; connection timed out; no servers could be reached
>>>
>>>
>> It is highly improbable that all these name servers are unreachable
>> from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
>> zones are signed with DNSSEC. Are you sure you do not have a broken
>> middlebox which deletes DNSSEC-signed answers?
>>
>> (I tried from an US/Datotel/Level3 machine and everything works.)
>>
>>
>>
>>
>
> Thanks... F**Kin' PIXs!
>
Then again....
michelle at enigma:~$ dig +trace +bufsize=512 -x 81.255.164.225
; <<>> DiG 9.3.3 <<>> +trace +bufsize=512 -x 81.255.164.225
;; global options: printcmd
. 352606 IN NS L.ROOT-SERVERS.NET.
. 352606 IN NS M.ROOT-SERVERS.NET.
. 352606 IN NS A.ROOT-SERVERS.NET.
. 352606 IN NS B.ROOT-SERVERS.NET.
. 352606 IN NS C.ROOT-SERVERS.NET.
. 352606 IN NS D.ROOT-SERVERS.NET.
. 352606 IN NS E.ROOT-SERVERS.NET.
. 352606 IN NS F.ROOT-SERVERS.NET.
. 352606 IN NS G.ROOT-SERVERS.NET.
. 352606 IN NS H.ROOT-SERVERS.NET.
. 352606 IN NS I.ROOT-SERVERS.NET.
. 352606 IN NS J.ROOT-SERVERS.NET.
. 352606 IN NS K.ROOT-SERVERS.NET.
;; Received 511 bytes from 111.125.160.132#53(111.125.160.132) in 1 ms
81.in-addr.arpa. 86400 IN NS SNS-PB.ISC.ORG.
81.in-addr.arpa. 86400 IN NS TINNIE.ARIN.NET.
81.in-addr.arpa. 86400 IN NS NS3.NIC.FR.
81.in-addr.arpa. 86400 IN NS SEC1.APNIC.NET.
81.in-addr.arpa. 86400 IN NS SEC3.APNIC.NET.
81.in-addr.arpa. 86400 IN NS SUNIC.SUNET.SE.
81.in-addr.arpa. 86400 IN NS NS-PRI.RIPE.NET.
;; Received 235 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 179 ms
;; connection timed out; no servers could be reached
michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @NS3.NIC.FR
; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @NS3.NIC.FR
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52112
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
255.81.in-addr.arpa. 172800 IN NS proof.rain.fr.
255.81.in-addr.arpa. 172800 IN NS ns.ripe.net.
255.81.in-addr.arpa. 172800 IN NS bow.rain.fr.
;; ADDITIONAL SECTION:
ns.ripe.net. 172800 IN A 193.0.0.193
ns.ripe.net. 172800 IN AAAA 2001:610:240:0:53::193
;; Query time: 320 msec
;; SERVER: 192.134.0.49#53(192.134.0.49)
;; WHEN: Mon Feb 15 23:37:36 2010
;; MSG SIZE rcvd: 170
michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @SEC3.APNIC.NET
; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @SEC3.APNIC.NET
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32853
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
255.81.in-addr.arpa. 172800 IN NS ns.ripe.net.
255.81.in-addr.arpa. 172800 IN NS bow.rain.fr.
255.81.in-addr.arpa. 172800 IN NS proof.rain.fr.
;; Query time: 200 msec
;; SERVER: 202.12.28.140#53(202.12.28.140)
;; WHEN: Mon Feb 15 23:29:41 2010
;; MSG SIZE rcvd: 126
michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @ns.ripe.net.
; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @ns.ripe.net.
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1316
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
164.255.81.in-addr.arpa. 3600 IN NS proof.rain.fr.
164.255.81.in-addr.arpa. 3600 IN NS bow.rain.fr.
;; Query time: 322 msec
;; SERVER: 193.0.0.193#53(193.0.0.193)
;; WHEN: Mon Feb 15 23:30:03 2010
;; MSG SIZE rcvd: 101
michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @proof.rain.fr.
; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @proof.rain.fr.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5704
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; ANSWER SECTION:
225.164.255.81.in-addr.arpa. 3600 IN PTR mail.pharaon.fr.
;; AUTHORITY SECTION:
164.255.81.in-addr.arpa. 3600 IN NS 194.51.3.65.
164.255.81.in-addr.arpa. 3600 IN NS bow.rain.fr.
;; ADDITIONAL SECTION:
bow.rain.fr. 83600 IN A 194.51.3.49
;; Query time: 326 msec
;; SERVER: 194.51.3.65#53(194.51.3.65)
;; WHEN: Mon Feb 15 23:30:14 2010
;; MSG SIZE rcvd: 149
michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @bow.rain.fr.
; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @bow.rain.fr.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22282
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; ANSWER SECTION:
225.164.255.81.in-addr.arpa. 3600 IN PTR mail.pharaon.fr.
;; AUTHORITY SECTION:
164.255.81.in-addr.arpa. 3600 IN NS 194.51.3.65.
164.255.81.in-addr.arpa. 3600 IN NS bow.rain.fr.
;; ADDITIONAL SECTION:
bow.rain.fr. 83600 IN A 194.51.3.49
;; Query time: 340 msec
;; SERVER: 194.51.3.49#53(194.51.3.49)
;; WHEN: Mon Feb 15 23:30:54 2010
;; MSG SIZE rcvd: 149
michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @SNS-PB.ISC.ORG
; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @SNS-PB.ISC.ORG
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9273
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
255.81.in-addr.arpa. 172800 IN NS bow.rain.fr.
255.81.in-addr.arpa. 172800 IN NS ns.ripe.net.
255.81.in-addr.arpa. 172800 IN NS proof.rain.fr.
;; ADDITIONAL SECTION:
ns.ripe.net. 172800 IN A 193.0.0.193
ns.ripe.net. 172800 IN AAAA 2001:610:240:0:53::193
;; Query time: 183 msec
;; SERVER: 192.5.4.1#53(192.5.4.1)
;; WHEN: Mon Feb 15 23:31:20 2010
;; MSG SIZE rcvd: 170
michelle at enigma:~$ dig -x 81.255.164.225 @SNS-PB.ISC.ORG
; <<>> DiG 9.3.3 <<>> -x 81.255.164.225 @SNS-PB.ISC.ORG
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2301
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
255.81.in-addr.arpa. 172800 IN NS bow.rain.fr.
255.81.in-addr.arpa. 172800 IN NS proof.rain.fr.
255.81.in-addr.arpa. 172800 IN NS ns.ripe.net.
;; ADDITIONAL SECTION:
ns.ripe.net. 172800 IN A 193.0.0.193
ns.ripe.net. 172800 IN AAAA 2001:610:240:0:53::193
;; Query time: 183 msec
;; SERVER: 192.5.4.1#53(192.5.4.1)
;; WHEN: Mon Feb 15 23:31:37 2010
;; MSG SIZE rcvd: 159
michelle at enigma:~$ dig +trace +bufsize=4096 -x
81.255.164.225
; <<>> DiG 9.3.3 <<>> +trace +bufsize=4096 -x 81.255.164.225
;; global options: printcmd
. 352340 IN NS H.ROOT-SERVERS.NET.
. 352340 IN NS I.ROOT-SERVERS.NET.
. 352340 IN NS J.ROOT-SERVERS.NET.
. 352340 IN NS K.ROOT-SERVERS.NET.
. 352340 IN NS L.ROOT-SERVERS.NET.
. 352340 IN NS M.ROOT-SERVERS.NET.
. 352340 IN NS A.ROOT-SERVERS.NET.
. 352340 IN NS B.ROOT-SERVERS.NET.
. 352340 IN NS C.ROOT-SERVERS.NET.
. 352340 IN NS D.ROOT-SERVERS.NET.
. 352340 IN NS E.ROOT-SERVERS.NET.
. 352340 IN NS F.ROOT-SERVERS.NET.
. 352340 IN NS G.ROOT-SERVERS.NET.
;; Received 643 bytes from 111.125.160.132#53(111.125.160.132) in 1 ms
81.in-addr.arpa. 86400 IN NS NS3.NIC.FR.
81.in-addr.arpa. 86400 IN NS SEC1.APNIC.NET.
81.in-addr.arpa. 86400 IN NS SEC3.APNIC.NET.
81.in-addr.arpa. 86400 IN NS SUNIC.SUNET.SE.
81.in-addr.arpa. 86400 IN NS NS-PRI.RIPE.NET.
81.in-addr.arpa. 86400 IN NS SNS-PB.ISC.ORG.
81.in-addr.arpa. 86400 IN NS TINNIE.ARIN.NET.
;; Received 235 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 178 ms
;; connection timed out; no servers could be reached
... what am I missing? (Set the PIX v7.2.1 to allow DNS upto 4096 bytes
- results are the same before and after)
Note: As far as I know lookups from this server worked until around Sept
09, the hosts changed from 203.15.51.32/27 to 111.125.160.129/26 at this
time, they have been failing since.
Thanks,
Michelle