[dns-operations] 0x20 breakage *over TCP* from CDNS servers affecting 35 TLDs

PASZTOR Miklos pasztor at iszt.hu
Mon Feb 4 18:38:58 UTC 2019 

On 19-02-04 17:36, Zenon Mousmoulas wrote:
>Hello again.
>
>As of today this issue now affects only the following TLDs and NS currently in the root zone:
>
>ac.			172800	IN	NS	ns-a3.ac.
>bn.			172800	IN	NS	ns1.bnnic.bn.
>io.			172800	IN	NS	ns-a3.io.
>sh.			172800	IN	NS	ns-a3.sh.
>tm.			172800	IN	NS	ns-a3.tm.
>tm.			172800	IN	NS	ns-a4.tm.

 It seems that currently this is not true for all anycast nodes. From my home network:

dig +tcp -t ns Gr. @gr-c.ics.forth.gr

; <<>> DiG 9.11.5-P1-1~bpo9+1-Debian <<>> +tcp -t ns Gr. @gr-c.ics.forth.gr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10350
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 11
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gr.                            IN      NS

;; ANSWER SECTION:
gr.                     10800   IN      NS      gr-c.ics.forth.gr.
gr.                     10800   IN      NS      gr-d.ics.forth.gr.
gr.                     10800   IN      NS      gr-m.ics.forth.gr.
gr.                     10800   IN      NS      estia.ics.forth.gr.
gr.                     10800   IN      NS      gr-at.ics.forth.gr.
gr.                     10800   IN      NS      grdns.ics.forth.gr.

;; ADDITIONAL SECTION:
gr-d.ics.forth.gr.      172800  IN      A       194.0.11.102
gr-d.ics.forth.gr.      172800  IN      AAAA    2001:678:e:102::53
gr-c.ics.forth.gr.      172800  IN      A       194.0.1.25
gr-c.ics.forth.gr.      172800  IN      AAAA    2001:678:4::19
estia.ics.forth.gr.     172800  IN      A       139.91.191.3
estia.ics.forth.gr.     172800  IN      AAAA    2001:648:2c30::191:3
gr-m.ics.forth.gr.      172800  IN      A       194.0.4.10
gr-m.ics.forth.gr.      172800  IN      AAAA    2001:678:7::4:10
gr-at.ics.forth.gr.     172800  IN      A       78.104.145.227
grdns.ics.forth.gr.     172800  IN      A       139.91.1.1

;; Query time: 4 msec
;; SERVER: 194.0.1.25#53(194.0.1.25)
;; WHEN: Mon Feb 04 19:34:48 CET 2019
;; MSG SIZE  rcvd: 428

 Whereas the same query over UDP works as expected.
 Probably not all anycast nodes have received the upgrade yet.

 Regards,
 Miklós
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190204/fe631c15/attachment.sig>

More information about the dns-operations mailing list