[dns-operations] Anyone know what is going on with ns.coccaregistry.org?

Mark Andrews marka at isc.org
Thu Jun 13 00:47:19 UTC 2019


And given it is serving DNSSEC signed zones returning REFUSED to DNSKEY is just strange.

[beetle:~/git/bind9] marka% dig dnskey af
;; BADCOOKIE, retrying.

; <<>> DiG 9.15.0+hotspot+add-prefetch+marka <<>> dnskey af
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31237
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: eca91def21be9d87fc7c28ae5d019bd062f724b6f29077b3 (good)
;; QUESTION SECTION:
;af.				IN	DNSKEY

;; ANSWER SECTION:
af.			86400	IN	DNSKEY	257 3 8 AwEAAcKYFc1QFYxvvpcJtf9uHPYP8l0qmK7vVvb41bJawHVDjqbvWKHe JEm2UOFo0T+tJ5pERyZZPeTAdwNe8SZrZZcsoZ6mj8IEk/4bSINCc+kr 6M1o81YhSC3IqZRa4QNC8doNxqVwHX1YdtVyUDBPuYTukCLuobTG8JMj cmnFMsFXt/xEZkSbsw3Qkh6gasuAGmkHk8A8pc5BzY+7b3NXBzkHeA9A lkm/osKvoCg/AjEQ3ZDR6pcb6zywaqUfO3dBIEDZ5HVu5Uuzf05+HNOY nk4rQC/83VeeQWCI6yQKvefOroDhvMPY3tNxYuy830YHlgCYWY0/Gpk0 oH3b2XagN38=
af.			86400	IN	DNSKEY	256 3 8 AwEAAc+yo364hv1eW2GA7aClvgGDervNTYyGJZZE4YmtmS/1fxJJ8S9n rdn3F4cPC6pwCg5HJvp+ri8GnMEZgSln+2R/jbCTYibpBYMNJ0a2gQs1 DVOElL/RdA2fsYMHbHDC4WJjgaTPXvlif4b04tb2u5Lr0tCibudCE/1d k0TVDBDB42Ede/1aiqS4rsObt49jevAs5462wNbHsZRzTjqcEy2ni2Sg t8hqNHI2or87zH+UxeIHHm9imm70vCcOGqbLNspclzIrYvVgNwqGWdL1 Qf8FsOBpmWzVpZkYyFdBOHYtgOqm5JWW2QLLCeEYBSU22H+lFvKWnDvM bLz5rgrRShs=

;; Query time: 1693 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 13 10:41:52 AEST 2019
;; MSG SIZE  rcvd: 611

[beetle:~/git/bind9] marka% dig dnskey af @ns.coccaregistry.org +norec -4 +dnssec

; <<>> DiG 9.15.0+hotspot+add-prefetch+marka <<>> dnskey af @ns.coccaregistry.org +norec -4 +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51954
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: d26949312341883a (echoed)
;; QUESTION SECTION:
;af.				IN	DNSKEY

;; Query time: 331 msec
;; SERVER: 185.17.236.111#53(185.17.236.111)
;; WHEN: Thu Jun 13 10:45:56 AEST 2019
;; MSG SIZE  rcvd: 43

[beetle:~/git/bind9] marka%

> On 13 Jun 2019, at 10:38 am, Mark Andrews <marka at isc.org> wrote:
> 
> The server seems to like to return REFUSED rather than the more useful NOERROR/NODATA response?
> 
> Mark
> 
> af. @185.17.236.111 (ns.coccaregistry.org.): A=ok NS=ok MD=refused MF=refused CNAME=ok SOA=ok MB=refused MG=refused MR=refused NULL=refused WKS=refused PTR=ok HINFO=refused MINFO=refused MX=ok TXT=refused RP=refused AFSDB=refused X25=refused ISDN=refused RT=refused NSAP=refused NSAP-PTR=refused SIG=refused KEY=refused PX=refused GPOS=refused AAAA=ok LOC=refused NXT=refused SRV=refused NAPTR=refused KX=refused CERT=refused A6=refused DNAME=refused APL=refused DS=refused SSHFP=refused IPSECKEY=refused RRSIG=refused NSEC=refused DNSKEY=refused DHCID=refused NSEC3=refused NSEC3PARAM=refused TLSA=refused SMIMEA=refused HIP=refused CDS=refused CDNSKEY=refused OPENPGPKEY=refused CSYNC=refused ZONEMD=refused SPF=refused NID=refused L32=refused L64=refused LP=refused EUI48=refused EUI64=refused URI=refused CAA=refused AVC=refused DOA=refused AMTRELAY=refused TA=refused DLV=refused TYPE1000=refused
> 
> af. @185.17.236.111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=refused
> af. @2a03:dd40:3::111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=refused
> kn. @185.17.236.111 (ns.coccaregistry.org.): dns=timeout edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok ednstcp=refused
> kn. @2a03:dd40:3::111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok ednstcp=refused
> ms. @185.17.236.111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok ednstcp=refused
> ms. @2a03:dd40:3::111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok ednstcp=refused
> sb. @185.17.236.111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=refused
> sb. @2a03:dd40:3::111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=refused
> tl. @185.17.236.111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=refused
> tl. @2a03:dd40:3::111 (ns.coccaregistry.org.): dns=ok edns=ok edns1=ok edns at 512=refused ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=refused
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org





More information about the dns-operations mailing list