[dns-operations] Iran's IDNA TLD fun...
Mark Andrews
marka at isc.org
Mon Oct 17 21:17:50 UTC 2016
In message <20161017184606.GA20353 at sources.org>, Stephane Bortzmeyer writes:
> On Mon, Oct 17, 2016 at 12:11:20AM -0400,
> Viktor Dukhovni <ietf-dane at dukhovni.org> wrote
> a message of 47 lines which said:
>
> >
> > xn--mgba3a4f16a IN DNAME xn--mgba3a4f16a.ir.
> >
> > Trying to resolve names under the target domain from the US works
> > rather poorly, at least for me, and seemingly also DNSVIZ:
>
> Testing with RIPE Atlas probes located in the US (measurement #6886597
> with the DNAME and #6886615, same probes):
>
> [] : 6 occurrences
> [ERROR: FORMERR] : 18 occurrences
> [ERROR: SERVFAIL] : 138 occurrences
> [158.58.185.204] : 530 occurrences <- 54 % success
> [TIMEOUT(S)] : 287 occurrences
> Test #6886597 done at 2016-10-17T17:25:47Z
>
> [ERROR: FORMERR] : 2 occurrences
> [ERROR: SERVFAIL] : 24 occurrences
> [158.58.185.204] : 405 occurrences <- 82 % success
> [TIMEOUT(S)] : 60 occurrences
> Test #6886615 done at 2016-10-17T18:39:02Z
>
> It seems:
>
> 1) DNAME have a problem
>
> 2) Even without DNAME, this domain is not perfect but there is no
> general filtering of all US networks.
>
> I tested myself from an US machine:
>
> % check-soa -i xn--mgba3a4f16a.ir
> a.nic.ir.
> 193.189.123.2: OK: 2016101720 (164 ms)
> b.nic.ir.
> 193.189.122.83: OK: 2016101720 (168 ms)
> ir.cctld.authdns.ripe.net.
> 193.0.9.85: ERROR: 0 answer (77 ms)
> 2001:67c:e0::85: ERROR: 0 answer (67 ms)
The NS records are inconsistent between ir and xn--mgba3a4f16a.ir
and of all the nameservers on a.nic.ir and b.nic.ir are configured
to serve xn--mgba3a4f16a.ir.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list