[dns-operations] Iran's IDNA TLD fun...
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Oct 17 18:46:06 UTC 2016
On Mon, Oct 17, 2016 at 12:11:20AM -0400,
Viktor Dukhovni <ietf-dane at dukhovni.org> wrote
a message of 47 lines which said:
>
> xn--mgba3a4f16a IN DNAME xn--mgba3a4f16a.ir.
>
> Trying to resolve names under the target domain from the US works
> rather poorly, at least for me, and seemingly also DNSVIZ:
Testing with RIPE Atlas probes located in the US (measurement #6886597
with the DNAME and #6886615, same probes):
[] : 6 occurrences
[ERROR: FORMERR] : 18 occurrences
[ERROR: SERVFAIL] : 138 occurrences
[158.58.185.204] : 530 occurrences <- 54 % success
[TIMEOUT(S)] : 287 occurrences
Test #6886597 done at 2016-10-17T17:25:47Z
[ERROR: FORMERR] : 2 occurrences
[ERROR: SERVFAIL] : 24 occurrences
[158.58.185.204] : 405 occurrences <- 82 % success
[TIMEOUT(S)] : 60 occurrences
Test #6886615 done at 2016-10-17T18:39:02Z
It seems:
1) DNAME have a problem
2) Even without DNAME, this domain is not perfect but there is no
general filtering of all US networks.
I tested myself from an US machine:
% check-soa -i xn--mgba3a4f16a.ir
a.nic.ir.
193.189.123.2: OK: 2016101720 (164 ms)
b.nic.ir.
193.189.122.83: OK: 2016101720 (168 ms)
ir.cctld.authdns.ripe.net.
193.0.9.85: ERROR: 0 answer (77 ms)
2001:67c:e0::85: ERROR: 0 answer (67 ms)
More information about the dns-operations
mailing list