[dns-operations] Missing g.root-servers.net and k.root-servers.net

Anand Buddhdev anandb at ripe.net
Tue Jul 29 00:33:38 UTC 2008 

On 28/7/08 18:37, Peter Dambier wrote:

Hello Peter,

> at 2008-07-28 (210) 13:20:15 UTC I got an alarm:
> 
> Root-Servers SOA records
> 
> soa(".","2008072800","a.root-servers.net","198.41.0.4").
> soa(".","2008072701","b.root-servers.net","192.228.79.201").
> soa(".","2008072800","c.root-servers.net","192.33.4.12").
> soa(".","2008072800","d.root-servers.net","128.8.10.90").
> soa(".","2008072800","e.root-servers.net","192.203.230.10").
> soa(".","2008072800","f.root-servers.net","192.5.5.241").
> error(".","g.root-servers.net","192.112.36.4","no response").
> soa(".","2008072800","h.root-servers.net","128.63.2.53").
> soa(".","2008072800","i.root-servers.net","192.36.148.17").
> soa(".","2008072800","j.root-servers.net","192.58.128.30").
> error(".","k.root-servers.net","193.0.14.129","no response").
> soa(".","2008072800","l.root-servers.net","199.7.83.42").
> soa(".","2008072800","m.root-servers.net","202.12.27.33").
> 
> Interestingly enough, a couple of hours later I get
> 
> ; <<>> DiG 9.4.0 <<>> +norec @k.root-servers.net chaos txt id.server
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54798
> ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;id.server.                     CH      TXT
> 
> ;; ANSWER SECTION:
> id.server.              0       CH      TXT     "k1.linx.k.ripe.net"
> 
> ;; Query time: 83 msec
> ;; SERVER: 193.0.14.129#53(193.0.14.129)
> ;; WHEN: Mon Jul 28 18:11:21 2008
> ;; MSG SIZE  rcvd: 58
> 
> I expected "kserver.denic" for Frankfurt, but that is London.

You appear to be behind DTAG's network. DTAG peers with K-root at LINX, 
from where it receives 193.0.14.0/23, and at CIXP, where it receives 
193.0.14.0/24 tagged with NO_EXPORT. Therefore, you as a customer of 
DTAG will only receive the /23 prefix, and not the /24.

I cannot say for sure what happened during the brief window when you 
experienced the outage to K-root. However, the most likely explanation 
is that DTAG briefly lost its peering at LINX, and therefore was unable 
to provide a path to K-root for its downstream customers.

What puzzles me is that DTAG only sees K-root's /23 prefix from LINX. 
I'm supposing that DTAG has transit arrangements with other networks, 
and it should see a few more paths to K-root's /23 prefix.

Regards,

Anand Buddhdev
DNS Services Manager, RIPE NCC

More information about the dns-operations mailing list