[dns-operations] name-services.com breaks DNSSEC-aware resolvers
Alexander Gall
gall at switch.ch
Fri Jul 20 08:02:29 UTC 2007
They appear to have fixed it. Haven't heared anything from them, though.
--
Alex
On Thu, 19 Jul 2007 17:16:26 +0200, Alexander Gall <gall at switch.ch> said:
> There is something very funky going on with the servers
> dns1.name-services.com. 69.25.142.1
> dns2.name-services.com. 216.52.184.230
> dns3.name-services.com. 63.251.92.193
> dns4.name-services.com. 64.74.96.242
> dns5.name-services.com. 70.42.37.1
> when the DO flag is set in a query. In that case, they send a reply
> that is totally unrelated to the query. As I write this, all servers
> are basically unreachable for me, but a short while ago, I got this:
> $ dig @216.52.184.230 name-services.com. soa +dnssec
> ;; Warning: ID mismatch: expected ID 118, got 17517
> ;; Warning: ID mismatch: expected ID 118, got 12746
> ; <<>> DiG 9.4.1 <<>> @216.52.184.230 name-services.com. soa +dnssec
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> The last query was lost. I have attached a pcap trace of these
> transactions (ignore the IP checksum errors, they are caused by an
> offloading feature of my NIC). The first query in that trace was done
> without DO and gets a proper reply (albeit with a very large delay).
> I have informed name-services.com about this and I'm extremely curious
> to learn what the heck they have installed there :-)
> --
> Alex
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list