[dns-operations] TCP Revisited
anandb at ripe.net
Fri Jun 26 15:53:20 UTC 2009
On 26/6/09 16:29, Michael Graff wrote:
> While doing some DNSSEC things today, I found that one server in the
> e164.arpa zone behaved in a somewhat unfriendly way. e164.arpa is a
> signed zone, and therefore all the DNS servers for that zone should be
> capable of serving DNSSEC data.
> One server, e164-arpa.cnnic.net.cn with address 22.214.171.124, does not
> respond to queries with DO set nor does it respond to queries over TCP.
> % dig @126.96.36.199 e164.arpa. dnskey
> results in TC, failed TCP
> % dig @188.8.131.52 e164.arpa. dnskey +vc
> results in a timeout.
> % dig @184.108.40.206 e164.arpa. dnskey +dnssec
> times out. tcpdump shows no response at all.
> I have attempted to contact RIPE about this since they are the primary
> for this zone.
Thanks for this report. We're investigating this issue, and I'll follow up here
next week when I know more about what is causing this problem.
DNS Services Manager, RIPE NCC
More information about the dns-operations