[dns-operations] A glitch in DNSSEC in the root or a DNSviz bug?

Casey Deccio casey at deccio.net
Thu Apr 7 21:38:06 UTC 2011


On Thu, Apr 7, 2011 at 8:26 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> Did anyone see this yesterday? Was it a problem in the root or in
> DNSviz?
>
>
DNSViz reports reachability from its own vantage point.  If after several
attempts to query an auth server over UDP it receives no response, it tries
again with lowered max payload size (512).  Then, if after several more
tries it still receives no response, it tries again without EDNS0.  In that
case, the DO bit is no longer set, and it certainly won't receive RRSIGs.  I
haven't looked closely at the issue yet, but since others have confirmed
reachabilities I think that is the most likely explanation for DNSViz's
report, as opposed to RRSIGs simply not being served by the root server(s).
This probably needs more explanation in terms of reporting...

Casey
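
Added example, not part of the original message and not DNSViz's code: a sketch of the fallback ladder described above, showing why an answer without RRSIGs obtained after dropping EDNS0 says nothing about whether the server serves signatures. The 4096-byte starting size, the retry count, the function names and both simulated transports are assumptions constructed for illustration.

```python
import struct

# Fallback ladder from the message: (label, EDNS payload size or None for no EDNS0).
# The 4096 starting size is an assumption; the message only names the 512 step.
STAGES = [("edns-4096", 4096), ("edns-512", 512), ("no-edns", None)]
RRSIG, OPT, DO_FLAG = 46, 41, 0x8000

def build_query(qname, qtype, payload, qid=0x1234):
    """Wire-format query; with EDNS0 the OPT record carries the DO bit."""
    labels = [l.encode() for l in qname.rstrip(".").split(".") if l]
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0 if payload is None else 1)
    msg += name + struct.pack("!HH", qtype, 1)
    if payload is not None:
        # OPT RR: root name, TYPE 41, CLASS = payload size, TTL holds the flags.
        msg += b"\x00" + struct.pack("!HHIH", OPT, payload, DO_FLAG, 0)
    return msg

def do_bit_set(query):
    """True if the query ends with an OPT record whose DO flag is set."""
    if struct.unpack("!H", query[10:12])[0] == 0:  # ARCOUNT
        return False
    rtype, _size, ttl, _rdlen = struct.unpack("!HHIH", query[-10:])
    return rtype == OPT and bool(ttl & DO_FLAG)

def probe(send, qname, qtype, tries=3):
    """send(query) returns the set of answer RR types, or None on timeout."""
    for label, payload in STAGES:
        query = build_query(qname, qtype, payload)
        for _ in range(tries):
            types = send(query)
            if types is None:
                continue  # no response, retry this stage
            if RRSIG in types:
                return label, "signed"
            if do_bit_set(query):
                return label, "RRSIGs missing although DO was set"
            return label, "RRSIGs not requested (no DO bit): inconclusive"
    return None, "unreachable"

def lossy_path(query):
    """Constructed transport: EDNS0 queries get no response; plain DNS gets NS only."""
    if struct.unpack("!H", query[10:12])[0]:
        return None
    return {2}

def clean_path(query):
    """Constructed transport: a signing server that honours the DO bit."""
    return {2, RRSIG} if do_bit_set(query) else {2}
```

Recording the stage at which an answer finally arrived, alongside the RRSIG result, is what lets a report separate a path problem from a signing problem.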