[dns-operations] glitch on [ip6|in-addr].arpa?

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Oct 10 02:51:06 UTC 2019


On Wed, Oct 09, 2019 at 05:41:43PM -0400, Viktor Dukhovni wrote:

> No, even small responses receive no answers from the IPv6 addresses
> of the C and F roots.  Both of the below time out even though I'm
> not setting the "DO" bit:
> 
>     $ dig -6 +norecur -t soa arpa. @2001:500:2f::f
>     $ dig -6 +norecur -t soa arpa. @2001:500:2::c
> 
> Looks like an outage from my vantage point.

I still see no answers from C or F from NYC via a Hurricane Electric
GRE tunnel, since my ISP (Verizon FiOS) still does not provide
native IPv6. :-(

    $ dig +short -t ns arpa. | sort |
        while read ns; do
          dig +short -t aaaa "$ns" |
          while read ip; do
            echo "@$ns[$ip]:"
            dig -6 +norecur +noall +ans +nocl +nottl -t soa arpa. "@$ip"
          done
        done

I get (for both UDP and TCP):

    @a.root-servers.net.[2001:503:ba3e::2:30]:
    @b.root-servers.net.[2001:500:200::b]:
    @d.root-servers.net.[2001:500:2d::d]:
    @e.root-servers.net.[2001:500:a8::e]:
    @g.root-servers.net.[2001:500:12::d0d]:
    @h.root-servers.net.[2001:500:1::53]:
    @i.root-servers.net.[2001:7fe::53]:
    @k.root-servers.net.[2001:7fd::1]:
    @l.root-servers.net.[2001:500:9f::42]:
    @m.root-servers.net.[2001:dc3::35]:
    arpa.                   SOA     a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400

    @c.root-servers.net.[2001:500:2::c]:
    @f.root-servers.net.[2001:500:2f::f]:
    ;; connection timed out; no servers could be reached

    $ traceroute6 c.root-servers.net.
     1  tunnel545690.tunnel.tserv4.nyc4.ipv6.he.net  5.364 ms  4.937 ms  6.851 ms
     2  ve422.core1.nyc4.he.net  5.516 ms  5.214 ms  3.592 ms
     3  * * *
     4  * * *
     5  * * *
     6  * *^C

    $ traceroute6 f.root-servers.net.
     1  tunnel545690.tunnel.tserv4.nyc4.ipv6.he.net  8.442 ms  6.772 ms  7.252 ms
     2  ve422.core1.nyc4.he.net  4.641 ms  3.155 ms  5.392 ms
     3  100ge16-1.core1.ash1.he.net  10.781 ms  21.786 ms  8.046 ms
     4  100ge10-2.core1.lax1.he.net  65.768 ms  63.279 ms  62.687 ms
     5  * * *
     6  * * *
     7  * * *
     8  * * *
     9  * *^C

    $ traceroute6 b.root-servers.net.
     1  tunnel545690.tunnel.tserv4.nyc4.ipv6.he.net  7.586 ms  5.679 ms  6.274 ms
     2  ve422.core1.nyc4.he.net  2.290 ms  3.214 ms  3.492 ms
     3  100ge16-1.core1.ash1.he.net  30.615 ms  22.676 ms  10.004 ms
     4  100ge8-2.core1.atl1.he.net  19.438 ms  21.777 ms  22.249 ms
     5  100ge5-1.core1.tpa1.he.net  32.631 ms  33.048 ms  31.741 ms
     6  100ge12-1.core1.mia1.he.net  38.909 ms  35.077 ms  36.040 ms
     7  2001:478:124::241  40.241 ms  36.194 ms  36.724 ms
     8  2800:bc0:0:42::12  36.672 ms  36.952 ms  36.865 ms
     9  2001:500:205:5::2  36.565 ms  38.712 ms  36.606 ms
    10  * * *
    11  * * *
    12  * * *
    13  * * *
    14  *^C

Perhaps the issue is on the HE.net side?  Don't know whether that's
expected.  Doing the test from a server in .DE where I have a guest
account, I get answers from all the roots:

    @a.root-servers.net.[2001:503:ba3e::2:30]:
    @b.root-servers.net.[2001:500:200::b]:
    @c.root-servers.net.[2001:500:2::c]:
    @d.root-servers.net.[2001:500:2d::d]:
    @e.root-servers.net.[2001:500:a8::e]:
    @f.root-servers.net.[2001:500:2f::f]:
    @g.root-servers.net.[2001:500:12::d0d]:
    @h.root-servers.net.[2001:500:1::53]:
    @i.root-servers.net.[2001:7fe::53]:
    @k.root-servers.net.[2001:7fd::1]:
    @l.root-servers.net.[2001:500:9f::42]:
    @m.root-servers.net.[2001:dc3::35]:
    arpa.                   SOA     a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400

But it seems that DNSViz and I are (still) in the same situation
with regard to the C and F IPv6 roots.

    http://dnsviz.net/d/arpa/dnssec/

The IPv4 anycasts work fine:

    @a.root-servers.net.[198.41.0.4]:
    @b.root-servers.net.[199.9.14.201]:
    @c.root-servers.net.[192.33.4.12]:
    @d.root-servers.net.[199.7.91.13]:
    @e.root-servers.net.[192.203.230.10]:
    @f.root-servers.net.[192.5.5.241]:
    @g.root-servers.net.[192.112.36.4]:
    @h.root-servers.net.[198.97.190.53]:
    @i.root-servers.net.[192.36.148.17]:
    @k.root-servers.net.[193.0.14.129]:
    @l.root-servers.net.[199.7.83.42]:
    @m.root-servers.net.[202.12.27.33]:
    arpa.                   SOA     a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400

-- 
	Viktor.
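
Added example, not part of the original message: a small filter that turns the raw output of the per-server SOA probe loop above into one status line per server, so unreachable servers and serial mismatches stand out. The function names are hypothetical; it assumes the unabridged output, where every `@ns[ip]:` header is followed by that server's own answer or timeout line, and the sample input is constructed from values shown in the message.

```shell
#!/bin/sh
# Added example: classify output of the per-server SOA probe loop.
# Expected input: a header "@<ns>[<ip>]:" followed by an SOA answer
# line, a dig timeout line, or nothing at all (empty response).

# Emits "<status> <ns> <ip> <serial>"; status is ok, timeout or noanswer.
classify_probe() {
  awk '
    function emit(   s) {
      if (hdr == "") return
      s = (state == "") ? "noanswer" : state
      print s, ns, ip, serial
    }
    /^@/ {
      emit()
      hdr = $0; state = ""; serial = "-"
      ns = substr($0, 2, index($0, "[") - 2)
      ip = substr($0, index($0, "[") + 1)
      sub(/\]:.*$/, "", ip)
      next
    }
    /connection timed out/ { state = "timeout"; next }
    $2 == "SOA"            { state = "ok"; serial = $5; next }
    END { emit() }
  '
}

# Names of servers that returned no SOA answer.
unreachable() { classify_probe | awk '$1 != "ok" { print $2 }'; }

# Distinct serials among answering servers; more than one line of
# output means the servers are not serving the same zone version.
serials() { classify_probe | awk '$1 == "ok" { print $4 }' | sort -u; }

# Constructed sample, arranged from lines shown in the message.
sample_probe() {
  cat <<'EOF'
@b.root-servers.net.[2001:500:200::b]:
arpa.                   SOA     a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400
@c.root-servers.net.[2001:500:2::c]:
;; connection timed out; no servers could be reached
@f.root-servers.net.[2001:500:2f::f]:
;; connection timed out; no servers could be reached
EOF
}

sample_probe | classify_probe
```

Piping the live loop into `classify_probe` from two vantage points and diffing the results separates a path problem (timeouts from one vantage point only) from a server-side outage.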


