[dns-operations] Iran's IDNA TLD fun...

Mark Andrews marka at isc.org
Mon Oct 17 21:17:50 UTC 2016 

In message <20161017184606.GA20353 at sources.org>, Stephane Bortzmeyer writes:
> On Mon, Oct 17, 2016 at 12:11:20AM -0400,
>  Viktor Dukhovni <ietf-dane at dukhovni.org> wrote 
>  a message of 47 lines which said:
> 
> > 
> > 	xn--mgba3a4f16a IN DNAME xn--mgba3a4f16a.ir.
> > 
> > Trying to resolve names under the target domain from the US works
> > rather poorly, at least for me, and seemingly also DNSVIZ:
> 
> Testing with RIPE Atlas probes located in the US (measurement #6886597
> with the DNAME and #6886615, same probes):
> 
> [] : 6 occurrences 
> [ERROR: FORMERR] : 18 occurrences 
> [ERROR: SERVFAIL] : 138 occurrences 
> [158.58.185.204] : 530 occurrences   <- 54 % success
> [TIMEOUT(S)] : 287 occurrences 
> Test #6886597 done at 2016-10-17T17:25:47Z
> 
> [ERROR: FORMERR] : 2 occurrences 
> [ERROR: SERVFAIL] : 24 occurrences 
> [158.58.185.204] : 405 occurrences   <- 82 % success
> [TIMEOUT(S)] : 60 occurrences 
> Test #6886615 done at 2016-10-17T18:39:02Z
> 
> It seems:
> 
> 1) DNAME have a problem
> 
> 2) Even without DNAME, this domain is not perfect but there is no
> general filtering of all US networks.
> 
> I tested myself from an US machine:
> 
> % check-soa -i xn--mgba3a4f16a.ir
> a.nic.ir.
> 	193.189.123.2: OK: 2016101720 (164 ms)
> b.nic.ir.
> 	193.189.122.83: OK: 2016101720 (168 ms)
> ir.cctld.authdns.ripe.net.
> 	193.0.9.85: ERROR: 0 answer (77 ms)
> 	2001:67c:e0::85: ERROR: 0 answer (67 ms)

The NS records are inconsistent between ir and xn--mgba3a4f16a.ir
and of all the nameservers on a.nic.ir and b.nic.ir are configured
to serve xn--mgba3a4f16a.ir.

> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list