[dns-operations] k2.nap.k.ripe.net instance of K root server dropping IPv6 TCP connections?
Anand Buddhdev
anandb at ripe.net
Wed Mar 24 18:47:36 UTC 2010
On 24/03/2010 10:23, Chris Thompson wrote:
> We are seeing
> $ dig -6 +vc hostname.bind txt ch @k.root-servers.net
> ;; communications error to 2001:7fd::1#53: connection reset
>
> $ dig -6 +noall +answer hostname.bind txt ch @k.root-servers.net
> hostname.bind. 0 CH TXT "k1.nap.k.ripe.net"
>
> Is anyone else seeing the same? Via IPv4 we get to instance
> k2.ams-ix.k.ripe.net, which does TCP ok.
>
> I noticed this only because of the DURZ deployment on k.root-servers.net
> this afternoon (DNSKEY responses for "." are over 512 bytes at the moment)
> so it may have been happening before. I suspect not for long, though, or
> I would have seen it while tracking the signed "arpa" deployment...
Thanks for reporting this Chris. There was indeed a problem with IPv6,
and it had to do with load-balancing. The K-root router at NAP was
missing the "ipv6 cef" statement, which led to TCP packets being spread
across both back-end servers. This was the cause of the resets.
We have corrected this issue now, and TCP queries over IPv6 should work
properly at this instance.
Regards,
Anand Buddhdev,
DNS Services Manager, RIPE NCC
More information about the dns-operations
mailing list