[dns-operations] ns6.gandi.net firewall blocks TLSA lookups
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Nov 15 20:38:17 UTC 2016
It appears that a firewall in front of (at least one replica of)
the ns6.gandi.net nameserver is filtering TLSA lookups:

  * RRtype TLSA: timeout

    @ns6.gandi.net.[217.70.177.40]
    ; <<>> DiG 9.10.4-P2 <<>> +dnssec +noall +cmd +comment +qu +ans +auth +nocl +nottl +nosplit +norecur -t tlsa _25._tcp.fsck.email @217.70.177.40
    ;; connection timed out; no servers could be reached

  * RRtype A: NODATA

    @ns6.gandi.net.[217.70.177.40]
    ; <<>> DiG 9.10.4-P2 <<>> +dnssec +noall +cmd +comment +qu +ans +auth +nocl +nottl +nosplit +norecur -t a _25._tcp.fsck.email @217.70.177.40
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61945
    ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
    ;_25._tcp.fsck.email. IN A
    fsck.email. SOA ns1.phun.ch. hostmaster.phun.ch. 2016102901 7200 1800 1209600 1800
    C6PFP82OK4JDTLM3K5A6AQQQTCC7QNO9.fsck.email. NSEC3 1 0 10 - DGU387IMBA76QE8CGH5JOVC6M77IV707 RRSIG TLSA

Anyone else seeing the same results? Anyone know whom to notify
to get prompt remediation?
--
Viktor.
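
The A-versus-TLSA comparison from the message above, written as an added example that is not part of the original post: it sends the same non-recursive, DO-bit query for both types to one nameserver and flags the case where only TLSA goes unanswered. The function names are hypothetical, and it assumes UDP over IPv4 with the server address and owner name given on the command line.

```python
import secrets, socket, struct, sys

QTYPES = {"A": 1, "TLSA": 52}  # RR type numbers

def build_query(qname, qtype, qid=None):
    """Non-recursive query with EDNS0 and DO set, like dig +norecur +dnssec."""
    qid = secrets.randbelow(65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # RD=0, 1 question, 1 additional
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, class = UDP size 4096, TTL flags with DO bit
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x8000, 0)
    return header + question + opt

def probe(server, qname, rrtype, timeout=3.0, tries=2):
    """Return the reply's RCODE, or 'timeout' if no matching reply arrives."""
    for _ in range(tries):
        msg = build_query(qname, QTYPES[rrtype])
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(msg, (server, 53))
            try:
                data, _addr = s.recvfrom(4096)
            except socket.timeout:
                continue
        if len(data) >= 12 and data[:2] == msg[:2]:  # reply ID matches query ID
            return data[3] & 0x0F
    return "timeout"

def classify(results):
    """results maps 'A' and 'TLSA' to an RCODE or 'timeout' for one server/name."""
    a, tlsa = results["A"], results["TLSA"]
    if a == "timeout" and tlsa == "timeout":
        return "unreachable for both types (not type-specific)"
    if tlsa == "timeout":
        return "A answered, TLSA dropped: type-based filtering suspected"
    if a == "timeout":
        return "TLSA answered, A dropped"
    return "both types answered"

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]  # nameserver IPv4 address, owner name
    results = {t: probe(server, name, t) for t in QTYPES}
    print(server, name, results, classify(results))
```

Running it against each address of every authoritative server for a zone shows whether the drop is limited to one replica.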