[dns-operations] TCP Revisited
Michael Graff
mgraff at isc.org
Fri Jun 26 14:29:04 UTC 2009
While doing some DNSSEC things today, I found that one server in the
e164.arpa zone behaved in a somewhat unfriendly way. e164.arpa is a
signed zone, and therefore all the DNS servers for that zone should be
capable of serving DNSSEC data.
One server, e164-arpa.cnnic.net.cn with address 203.119.25.10, does not
respond to queries with DO set nor does it respond to queries over TCP.
% dig @203.119.25.10 e164.arpa. dnskey
results in TC, failed TCP
% dig @203.119.25.10 e164.arpa. dnskey +vc
results in a timeout.
% dig @203.119.25.10 e164.arpa. dnskey +dnssec
times out. tcpdump shows no response at all.
I have attempted to contact RIPE about this since they are the primary
for this zone.
--Michael
More information about the dns-operations
mailing list