[dns-operations] Strange problem with fragmented DNS responses from b.iana-servers.net

RL Vaughn rl_vaughn at baylor.edu
Mon Dec 8 22:03:05 UTC 2008


I am on a broadband connection from grandecom.  The second
fragment arrives successfully.

Randy


Duane Wessels wrote:
> Hi Everyone,
> 
> A few weeks ago while working on the TLDmon scripts I noticed a
> strange problem with b.iana-servers.net.  That server is one of
> three that are authoritative for some IDN TLDs such as XN--9T4B11YI5A
> and XN--KGBECHTV.
> 
> The problem I'm having is with this query:
> 
>    dig +bufsiz=2048 @b.iana-servers.net XN--9T4B11YI5A rrsig
> 
> The response is larger than 1500 bytes so it gets fragmented.  I
> receive the first fragment, but not the second.  But this only
> happens when I query from hosts on ISC's network.
> 
> The query works if the query is changed to one of the other TLDs
> such as XN--KGBECHTV
> 
> The query works for a.iana-servers.net and c.iana-servers.net.
> 
> The query works over TCP.
> 
> The query works from non-ISC hosts that I have been able to test
> from.
> 
> The folks at ICANN ran tcpdump on the server and we saw both fragments
> leave the server.
> 
> So far the problem seems localized to ISC's network, but we are at
> a loss to explain what could be causing it.  ISC tells me they have
> no packet filters on their peer/transit provider links.
> 
> I'm really curious if anyone else sees this problem from their own
> networks or not.
> 
> Duane W.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations




More information about the dns-operations mailing list