[dns-operations] glitch on [ip6|in-addr].arpa?
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Oct 10 02:51:06 UTC 2019
On Wed, Oct 09, 2019 at 05:41:43PM -0400, Viktor Dukhovni wrote:
> No, even small responses receive no answers from the IPv6 addresses
> of the C and F roots. Both of the below time out even though I'm
> not setting the "DO" bit:
>
> $ dig -6 +norecur -t soa arpa. @2001:500:2f::f
> $ dig -6 +norecur -t soa arpa. @2001:500:2::c
>
> Looks like an outage from my vantage point.
I still see no answers from C or F from NYC via a Hurrican Electric
GRE tunnel, since my ISP (Verizon FiOS) still does not provide
native IPv6. :-(
$ dig +short -t ns arpa. | sort |
while read ns; do
dig +short -t aaaa $ns |
while read ip; do
echo "@$ns[$ip]:"
dig -6 +norecur +noall +ans +nocl +nottl -t soa arpa. @$ip
done
done
I get (for both UDP and TCP):
@a.root-servers.net.[2001:503:ba3e::2:30]:
@b.root-servers.net.[2001:500:200::b]:
@d.root-servers.net.[2001:500:2d::d]:
@e.root-servers.net.[2001:500:a8::e]:
@g.root-servers.net.[2001:500:12::d0d]:
@h.root-servers.net.[2001:500:1::53]:
@i.root-servers.net.[2001:7fe::53]:
@k.root-servers.net.[2001:7fd::1]:
@l.root-servers.net.[2001:500:9f::42]:
@m.root-servers.net.[2001:dc3::35]:
arpa. SOA a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400
@c.root-servers.net.[2001:500:2::c]:
@f.root-servers.net.[2001:500:2f::f]:
;; connection timed out; no servers could be reached
$ traceroute6 c.root-servers.net.
1 tunnel545690.tunnel.tserv4.nyc4.ipv6.he.net 5.364 ms 4.937 ms 6.851 ms
2 ve422.core1.nyc4.he.net 5.516 ms 5.214 ms 3.592 ms
3 * * *
4 * * *
5 * * *
6 * *^C
$ traceroute6 f.root-servers.net.
1 tunnel545690.tunnel.tserv4.nyc4.ipv6.he.net 8.442 ms 6.772 ms 7.252 ms
2 ve422.core1.nyc4.he.net 4.641 ms 3.155 ms 5.392 ms
3 100ge16-1.core1.ash1.he.net 10.781 ms 21.786 ms 8.046 ms
4 100ge10-2.core1.lax1.he.net 65.768 ms 63.279 ms 62.687 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * *^C
$ traceroute6 b.root-servers.net.
1 tunnel545690.tunnel.tserv4.nyc4.ipv6.he.net 7.586 ms 5.679 ms 6.274 ms
2 ve422.core1.nyc4.he.net 2.290 ms 3.214 ms 3.492 ms
3 100ge16-1.core1.ash1.he.net 30.615 ms 22.676 ms 10.004 ms
4 100ge8-2.core1.atl1.he.net 19.438 ms 21.777 ms 22.249 ms
5 100ge5-1.core1.tpa1.he.net 32.631 ms 33.048 ms 31.741 ms
6 100ge12-1.core1.mia1.he.net 38.909 ms 35.077 ms 36.040 ms
7 2001:478:124::241 40.241 ms 36.194 ms 36.724 ms
8 2800:bc0:0:42::12 36.672 ms 36.952 ms 36.865 ms
9 2001:500:205:5::2 36.565 ms 38.712 ms 36.606 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 *^C
Perhaps the issue is on the HE.net side? Don't know whether that's
expected. Doing the test from a server in .DE where I have a guest
account, I get answers from all the roots:
@a.root-servers.net.[2001:503:ba3e::2:30]:
@b.root-servers.net.[2001:500:200::b]:
@c.root-servers.net.[2001:500:2::c]:
@d.root-servers.net.[2001:500:2d::d]:
@e.root-servers.net.[2001:500:a8::e]:
@f.root-servers.net.[2001:500:2f::f]:
@g.root-servers.net.[2001:500:12::d0d]:
@h.root-servers.net.[2001:500:1::53]:
@i.root-servers.net.[2001:7fe::53]:
@k.root-servers.net.[2001:7fd::1]:
@l.root-servers.net.[2001:500:9f::42]:
@m.root-servers.net.[2001:dc3::35]:
arpa. SOA a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400
But it seems that DNSViz and I are (still) in the same situation
with regard to the C and F IPv6 roots.
http://dnsviz.net/d/arpa/dnssec/
The IPv4 anycasts work fine:
@a.root-servers.net.[198.41.0.4]:
@b.root-servers.net.[199.9.14.201]:
@c.root-servers.net.[192.33.4.12]:
@d.root-servers.net.[199.7.91.13]:
@e.root-servers.net.[192.203.230.10]:
@f.root-servers.net.[192.5.5.241]:
@g.root-servers.net.[192.112.36.4]:
@h.root-servers.net.[198.97.190.53]:
@i.root-servers.net.[192.36.148.17]:
@k.root-servers.net.[193.0.14.129]:
@l.root-servers.net.[199.7.83.42]:
@m.root-servers.net.[202.12.27.33]:
arpa. SOA a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400
--
Viktor.
More information about the dns-operations
mailing list