[dns-operations] TLDmon QTYPE warning

Mark Andrews marka at isc.org
Fri Dec 9 00:49:41 UTC 2016


Mark Andrews writes:
> 
> In message <5a356a9c-ef24-56ce-c0eb-dabba1fa0391 at sidn.nl>, "Marco Davids (SIDN)" writes:
> > 
> > Hi Roy,
> > 
> > On 08/12/2016 12:22, Roy Arends wrote:
> > 
> > > It should be a warning, since this is slightly limited the deployment
> > > of the URI QTYPE in your namespace.
> > 
> > Good point! Thank you.
> > 
> > I was under the assumption that the NOTIMPL was only returned for
> > 
> > dig -t TYPE(UNKNONW) nl @ns2.dns.nl
> > 
> > But is it also returned for
> > 
> > dig -t TYPE(UNKNOWN) example.nl @ns2.dns.nl
> > 
> > We have an issue here that we will have to look into.
> 
> Don't worry you are not alone.  K.ROOT-SERVERS.NET and L.ROOT-SERVERS.NET
> also don't handle URI like this.
> 
> NOTIMPL only makes sense for meta types with QUERY and we have a
> reserved range for meta types.  Otherwise it should be NOERROR or
> NXDOMAIN.
> 
> If a server for a zone doesn't implement a type that is in a zone
> it should return SERVFAIL on loading the zone for all of the namespace
> (RFC 1034).  If it successfully loads the zone then NOERROR or
> NXDOMAIN are the results that should be returned depending upon
> whether the name exists in the zone or not (RFC 1034).
> 
> Mark
> 
> . @198.41.0.4 (a.root-servers.net.): all ok
> . @2001:503:ba3e::2:30 (a.root-servers.net.): all ok
> . @192.228.79.201 (b.root-servers.net.): all ok
> . @2001:500:84::b (b.root-servers.net.): all ok
> . @192.33.4.12 (c.root-servers.net.): all ok
> . @2001:500:2::c (c.root-servers.net.): all ok
> . @199.7.91.13 (d.root-servers.net.): all ok
> . @2001:500:2d::d (d.root-servers.net.): all ok
> . @192.203.230.10 (e.root-servers.net.): all ok
> . @2001:500:a8::e (e.root-servers.net.): all ok
> . @192.5.5.241 (f.root-servers.net.): all ok
> . @2001:500:2f::f (f.root-servers.net.): all ok
> . @192.112.36.4 (g.root-servers.net.): all ok
> . @2001:500:12::d0d (g.root-servers.net.): OPENPGPKEY=timeout
> . @198.97.190.53 (h.root-servers.net.): all ok
> . @2001:500:1::53 (h.root-servers.net.): all ok
> . @192.36.148.17 (i.root-servers.net.): all ok
> . @2001:7fe::53 (i.root-servers.net.): all ok
> . @192.58.128.30 (j.root-servers.net.): all ok
> . @2001:503:c27::2:30 (j.root-servers.net.): all ok
> . @193.0.14.129 (k.root-servers.net.): URI=notimp
> . @2001:7fd::1 (k.root-servers.net.): URI=notimp
> . @199.7.83.42 (l.root-servers.net.): URI=notimp
> . @2001:500:9f::42 (l.root-servers.net.): URI=notimp
> . @2001:dc3::35 (m.root-servers.net.): all ok
> . @202.12.27.33 (m.root-servers.net.): all ok
>  
> > Not just for the URI-type BTW, I see quite a few others as well. Some of
> > which are returning FORMERR (like TYPE1275).
> > 
> > Internally we refer to this matter as the 'KNOTIMPL'-issue ;-)
> > 
> > --
> > Marco

The full set of TLD servers that return NOTIMPL.  It looks
like k's updated / we didn't hit the broken instance.

grep =notimp typereport/type-tld.2016-12-09T00\:00\:00Z
. @199.7.83.42 (l.root-servers.net.): URI=notimpl
. @2001:500:9f::42 (l.root-servers.net.): URI=notimpl
amsterdam. @213.154.241.83 (ns2.nic.amsterdam.): URI=notimpl
amsterdam. @2001:7b8:606::83 (ns2.nic.amsterdam.): URI=notimpl
arpa. @199.7.83.42 (l.root-servers.net.): URI=notimpl
arpa. @2001:500:9f::42 (l.root-servers.net.): URI=notimpl
aw. @213.154.241.88 (ns2.dns.aw.): URI=notimpl
aw. @2001:7b8:606::88 (ns2.dns.aw.): URI=notimpl
cz. @194.0.13.1 (b.ns.nic.cz.): URI=notimpl
cz. @193.29.206.1 (d.ns.nic.cz.): URI=notimpl
cz. @2001:678:1::1 (d.ns.nic.cz.): URI=notimpl
dk. @192.38.7.242 (l.nic.dk.): URI=notimpl
dk. @2001:7f8:1f::1835:242:0 (l.nic.dk.): URI=notimpl
ge. @212.72.130.11 (ns.nic.ge.): RRSIG=notimpl
id. @202.155.30.227 (a.dns.id.): URI=notimpl
id. @2001:e00:1800::2 (a.dns.id.): URI=notimpl
mk. @193.29.206.2 (d.ext.nic.cz.): URI=notimpl
mk. @2001:678:1::2 (d.ext.nic.cz.): URI=notimpl
mp. @202.128.29.2 (ns1.nic.mp.): RRSIG=notimpl
mp. @202.128.29.135 (ns2.nic.mp.): RRSIG=notimpl
mp. @75.101.129.89 (ns3.nic.mp.): RRSIG=notimpl
mp. @75.101.133.101 (ns4.nic.mp.): RRSIG=notimpl
nl. @213.154.241.85 (ns2.dns.nl.): URI=notimpl
nl. @2001:7b8:606::85 (ns2.dns.nl.): URI=notimpl
np. @202.52.255.5 (shikhar.mos.com.np.): RRSIG=notimpl
politie. @213.154.241.82 (ns2.nic.politie.): URI=notimpl
politie. @2001:7b8:606::82 (ns2.nic.politie.): URI=notimpl
st. @195.178.160.2 (ns1.bahnhof.net.): RRSIG=notimpl
tz. @193.29.206.2 (d.ext.nic.cz.): URI=notimpl
tz. @2001:678:1::2 (d.ext.nic.cz.): URI=notimpl
vu. @202.80.32.9 (ns1-cctld.vunic.vu.): RRSIG=notimpl
xn--d1alf. @193.29.206.2 (d.ext.nic.cz.): URI=notimpl
xn--d1alf. @2001:678:1::2 (d.ext.nic.cz.): URI=notimpl

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list