[dns-operations] Fortinet contact? Problems with their public resolvers
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Jun 12 16:12:30 UTC 2018
Does somebody have a contact to Fortinet admins? We do see a strange
problem (effecting Fortinet customers using Fortinet's resolver).
Their resolvers quite often return SERVFAIL for DNSSEC signed zones, and
we are quite sure that the zones are signed correct and the
authoritative name servers respond correct (see below).
Thanks
Klaus
$ dig @208.91.112.53 dnssec-signiert.at
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> @208.91.112.53 dnssec-signiert.at
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29466
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dnssec-signiert.at. IN A
;; Query time: 423 msec
;; SERVER: 208.91.112.53#53(208.91.112.53)
;; WHEN: Tue Jun 12 16:11:00 UTC 2018
;; MSG SIZE rcvd: 47
$ dig @208.91.112.52 dnssec-signiert.at
; <<>> DiG 9.9.5-3ubuntu0.16-Ubuntu <<>> @208.91.112.52 dnssec-signiert.at
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22481
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dnssec-signiert.at. IN A
;; AUTHORITY SECTION:
dnssec-signiert.at. 300 IN SOA ns2.at43.at. mib.nic.at.
1009 600 3600 604800 600
;; Query time: 334 msec
;; SERVER: 208.91.112.52#53(208.91.112.52)
;; WHEN: Tue Jun 12 16:11:04 UTC 2018
;; MSG SIZE rcvd: 100
More information about the dns-operations
mailing list