[dns-operations] Truncated EDNS0 answer from server A, B, C, D, E, G and J
Eduardo Mercader Orta
emercade at nic.cl
Thu May 6 00:48:50 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
people in our offices in Chile, saw that the queries:
dig @a.root-servers.net . any +dnssec
was truncated in UDP, for root servers A, B, C, D, E, G and J
and must be redirect to TCP.
I repeat the same test here in Prague, and i see the same result.
By example, in the case of the root servers C, from Santiago, i have the
next traceroute:
[emercade at nicolette ~]$ traceroute -n c.root-servers.net
traceroute to c.root-servers.net (192.33.4.12), 30 hops max, 40 byte packets
1 200.27.115.1 0.187 ms 0.169 ms 0.146 ms
2 200.27.103.25 0.728 ms 0.708 ms 0.685 ms
3 190.208.5.14 1.034 ms 1.013 ms 0.952 ms
4 195.22.221.113 1.347 ms 1.412 ms 1.485 ms
5 154.54.10.113 109.204 ms 122.987 ms 109.163 ms
6 154.54.24.233 109.424 ms 154.54.28.249 109.407 ms 154.54.1.185
126.977 ms
7 154.54.3.25 123.500 ms 123.330 ms 137.424 ms
8 154.54.28.213 148.927 ms 154.54.24.9 151.588 ms 154.54.28.50
127.014 ms
9 154.54.26.37 135.215 ms 154.54.2.193 154.097 ms 140.192 ms
10 154.54.29.122 139.844 ms 137.444 ms 137.523 ms
11 154.54.2.70 135.735 ms 135.726 ms 135.680 ms
12 192.33.4.12 136.242 ms 136.362 ms 150.306 ms
In Prague i have a diferent traceroute:
[emercade at fobos ~]$ traceroute -n c.root-servers.net
traceroute to c.root-servers.net (192.33.4.12), 30 hops max, 60 byte packets
1 193.0.27.253 13.762 ms 13.852 ms 13.926 ms
2 89.235.0.169 12.962 ms 13.251 ms 13.905 ms
3 213.200.74.93 14.119 ms 14.198 ms 14.435 ms
4 213.200.82.14 18.262 ms 18.386 ms 19.235 ms
5 130.117.14.85 20.939 ms 22.550 ms 77.67.74.42 22.907 ms
6 130.117.51.221 24.046 ms 17.330 ms 17.720 ms
7 130.117.2.222 17.269 ms 17.544 ms 17.476 ms
8 192.33.4.12 17.463 ms 17.269 ms 17.714 ms
So i think that they are diferent instances of the same root server C.
But the dig are similar (see attach files).
Must be considered as normal behavior ?
Regards,
Edo/
- --
Eduardo Mercader Orta
Jefe de Sistemas
NIC Chile - Universidad de Chile
http://www.nic.cl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkviEfIACgkQEXdldgLwkvdkiwCbBpw1GxEter7y31Wb+BhEzcmk
SXAAoIfSeB4VXRHiq1Q5RYJ/Muaui49J
=njYr
-----END PGP SIGNATURE-----
-------------- next part --------------
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.6.2-P1-RedHat-9.6.2-3.P1.fc11 <<>> @c.root-servers.net . any +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35337
;; flags: qr aa rd; QUERY: 1, ANSWER: 22, AUTHORITY: 0, ADDITIONAL: 21
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN ANY
;; ANSWER SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010050501 1800 900 604800 86400
. 86400 IN RRSIG NSEC 8 0 86400 20100512070000 20100505060000 55138 . BE/CZm6ya6Yv0xYUZf1vUOq0AN+yhKc8PZEkIani7gVFpm1HT8Bou7Wk pdH67HM/JCEJcBAha6Sc/Y1AV2/SNE+Si5n3vUi1wvn1pQ4XZ6UPcMTC 41zJOsDyyczePnQmGSfrlB/TNZ7dG1CvHEgeTYixXckmFRTbTH8ALVqC y4U=
. 86400 IN NSEC ac. NS SOA RRSIG NSEC DNSKEY
. 86400 IN RRSIG DNSKEY 8 0 86400 20100515235959 20100501000000 19324 . QWXJEkPRYzAu8SpGmzRw1y9B9JOPRNl9C5csTh6Edv4xQRUb0apb7YRD mhbIgqZN4TMMme70pni93z8gn7fqtylFzCObC0prH90vq20DjxcOeZtV ufvoadCQFsUi87G2kgicZjRLSHjz/h2zJO36nmdp/S05wGxT9KX56Yoy hjuSr6AzCCQvsmDKdhL8D8SAPAZGjPs0ftfKsDyEarcy9XYP9nZfskmQ OWbx0ldr41JfibY3+onP/tA61KQdTQYZ2bAU/eQK/6Kq2YEzSzQijwdV Kex+hi4LXWB85u9uY8YMsa1MVJDY/BYkjW4HU1wvKY47oz4G3oDyI23X IR8NSA==
. 86400 IN DNSKEY 257 3 8 AwEAAawBe++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++8=
. 86400 IN DNSKEY 257 3 8 AwEAAazdM++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++8=
. 86400 IN DNSKEY 256 3 8 AwEAAavbA++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++++++++++++++++++ +++++++8
. 518400 IN RRSIG NS 8 0 518400 20100512070000 20100505060000 55138 . WyDsEAJqnidP+nmO+AE9Mq3yheE7rdxQMBHOxgMPRsUQdBudH859fPKi Dcb258+FalkshcY31aZa7yzrFAUrBhBIQFqpNX/G1R0HC2PuDctJ0E4z bkTXkNjlT76Yx9nta3kO49UrkZhTTZlujyTt/jB+dTg3yC2vdTx4x/Tk vcg=
. 518400 IN NS j.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 86400 IN RRSIG SOA 8 0 86400 20100512070000 20100505060000 55138 . Y68ch9CyPWWY93he1NoGQfo+cy2JptrWUpxPk5w4jFaM+sOyl0WE9ekE FDjbwbWuWjhTl/mg6ysMTHb7OmHbQcKTfPSY91E+5Mgdb0FBPIszjCRk x877xBmn5lTjxOclJJrSaSwfXwrjpIFcsAmstoofTi8ZeEgKfNabBBPL YFw=
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN A 193.0.14.129
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN A 199.7.83.42
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN A 202.12.27.33
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 22 msec
;; SERVER: 192.33.4.12#53(192.33.4.12)
;; WHEN: Wed May 5 20:19:52 2010
;; MSG SIZE rcvd: 2181
-------------- next part --------------
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.6.1-P3 <<>> @c.root-servers.net . any +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3781
;; flags: qr aa rd; QUERY: 1, ANSWER: 22, AUTHORITY: 0, ADDITIONAL: 21
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN ANY
;; ANSWER SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010050501 1800 900 604800 86400
. 86400 IN RRSIG NSEC 8 0 86400 20100512070000 20100505060000 55138 . BE/CZm6ya6Yv0xYUZf1vUOq0AN+yhKc8PZEkIani7gVFpm1HT8Bou7Wk pdH67HM/JCEJcBAha6Sc/Y1AV2/SNE+Si5n3vUi1wvn1pQ4XZ6UPcMTC 41zJOsDyyczePnQmGSfrlB/TNZ7dG1CvHEgeTYixXckmFRTbTH8ALVqC y4U=
. 86400 IN NSEC ac. NS SOA RRSIG NSEC DNSKEY
. 86400 IN RRSIG DNSKEY 8 0 86400 20100515235959 20100501000000 19324 . QWXJEkPRYzAu8SpGmzRw1y9B9JOPRNl9C5csTh6Edv4xQRUb0apb7YRD mhbIgqZN4TMMme70pni93z8gn7fqtylFzCObC0prH90vq20DjxcOeZtV ufvoadCQFsUi87G2kgicZjRLSHjz/h2zJO36nmdp/S05wGxT9KX56Yoy hjuSr6AzCCQvsmDKdhL8D8SAPAZGjPs0ftfKsDyEarcy9XYP9nZfskmQ OWbx0ldr41JfibY3+onP/tA61KQdTQYZ2bAU/eQK/6Kq2YEzSzQijwdV Kex+hi4LXWB85u9uY8YMsa1MVJDY/BYkjW4HU1wvKY47oz4G3oDyI23X IR8NSA==
. 86400 IN DNSKEY 257 3 8 AwEAAazdM++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++8=
. 86400 IN DNSKEY 256 3 8 AwEAAavbA++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++++++++++++++++++ +++++++8
. 86400 IN DNSKEY 257 3 8 AwEAAawBe++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++8=
. 518400 IN RRSIG NS 8 0 518400 20100512070000 20100505060000 55138 . WyDsEAJqnidP+nmO+AE9Mq3yheE7rdxQMBHOxgMPRsUQdBudH859fPKi Dcb258+FalkshcY31aZa7yzrFAUrBhBIQFqpNX/G1R0HC2PuDctJ0E4z bkTXkNjlT76Yx9nta3kO49UrkZhTTZlujyTt/jB+dTg3yC2vdTx4x/Tk vcg=
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 86400 IN RRSIG SOA 8 0 86400 20100512070000 20100505060000 55138 . Y68ch9CyPWWY93he1NoGQfo+cy2JptrWUpxPk5w4jFaM+sOyl0WE9ekE FDjbwbWuWjhTl/mg6ysMTHb7OmHbQcKTfPSY91E+5Mgdb0FBPIszjCRk x877xBmn5lTjxOclJJrSaSwfXwrjpIFcsAmstoofTi8ZeEgKfNabBBPL YFw=
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN A 193.0.14.129
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN A 199.7.83.42
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN A 202.12.27.33
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 148 msec
;; SERVER: 192.33.4.12#53(192.33.4.12)
;; WHEN: Wed May 5 20:20:10 2010
;; MSG SIZE rcvd: 2181
More information about the dns-operations
mailing list