[dns-operations] Iran's IDNA TLD fun...

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Oct 17 18:46:06 UTC 2016


On Mon, Oct 17, 2016 at 12:11:20AM -0400,
 Viktor Dukhovni <ietf-dane at dukhovni.org> wrote 
 a message of 47 lines which said:

> 
> 	xn--mgba3a4f16a IN DNAME xn--mgba3a4f16a.ir.
> 
> Trying to resolve names under the target domain from the US works
> rather poorly, at least for me, and seemingly also DNSVIZ:

Testing with RIPE Atlas probes located in the US (measurement #6886597
with the DNAME and #6886615, same probes):

[] : 6 occurrences 
[ERROR: FORMERR] : 18 occurrences 
[ERROR: SERVFAIL] : 138 occurrences 
[158.58.185.204] : 530 occurrences   <- 54 % success
[TIMEOUT(S)] : 287 occurrences 
Test #6886597 done at 2016-10-17T17:25:47Z

[ERROR: FORMERR] : 2 occurrences 
[ERROR: SERVFAIL] : 24 occurrences 
[158.58.185.204] : 405 occurrences   <- 82 % success
[TIMEOUT(S)] : 60 occurrences 
Test #6886615 done at 2016-10-17T18:39:02Z

It seems:

1) DNAME have a problem

2) Even without DNAME, this domain is not perfect but there is no
general filtering of all US networks.

I tested myself from an US machine:

% check-soa -i xn--mgba3a4f16a.ir
a.nic.ir.
	193.189.123.2: OK: 2016101720 (164 ms)
b.nic.ir.
	193.189.122.83: OK: 2016101720 (168 ms)
ir.cctld.authdns.ripe.net.
	193.0.9.85: ERROR: 0 answer (77 ms)
	2001:67c:e0::85: ERROR: 0 answer (67 ms)



More information about the dns-operations mailing list