[dns-operations] most of root NS and com's NS fail from here

Emmanuel Thierry ml at sekil.fr
Tue Apr 29 17:55:56 UTC 2014


On 29 Apr 2014, at 19:26, David Conrad wrote:

> On Apr 29, 2014, at 3:05 AM, Emmanuel Thierry <ml at sekil.fr> wrote:
>> If I'm not mistaken, the Chinese filtering is performed on a per-service basis.
> The (presumably UDP) based traceroute appears to get stuck just after entering the DREN, not at the Chinese border... 

A UDP traceroute is definitely not reliable as a network debugging tool. UDP is commonly filtered by firewalls in enterprise or managed networks. You need at least an ICMP traceroute or an mtr.
As an example, the UDP traceroute gives exactly the same kind of results in my home or servers as Ken Peng, though I don't have any trouble in making DNS queries at it, even with a +notcp flag.

What we may observe from tests is that some DNS servers failed without an obvious connectivity problem (ping is OK). As a consequence, I think it would be really interesting to test, for instance, with an arbitrary DNS server and see whether it fails or not.

Best regards
Emmanuel Thierry
