[dns-operations] dnsviz.net complaining "UDP_-_NOEDNS_" for gtld-servers.net

Casey Deccio casey at deccio.net
Fri Jun 5 16:37:03 UTC 2020


> On Jun 5, 2020, at 3:26 AM, Thomas Mieslinger <miesi at mail.com> wrote:
> 
> I have a customer complaining being unable to send/receive email.
> 
> https://dnsviz.net/d/sportsproducts.net/dnssec/
> 
> shows errors:
>    sportsproducts.net/DS: No response was received from the server
> over UDP (tried 12 times). (2001:502:1ca1::30, 2001:503:d414::30,
> 2001:503:eea3::30, UDP_-_NOEDNS_)
> 
>    sportsproducts.net/NS: No response was received from the server
> over UDP (tried 12 times). (2001:502:1ca1::30, 2001:503:d414::30,
> 2001:503:eea3::30, UDP_-_NOEDNS_)
> 

Just to be clear, the "tag" at the end, i.e., "UDP_-_NOEDNS_" is supposed to help the user understand what query options produced the error, so they can test it themselves.  It's not fully documented, so it's not surprising that it's confusing.  All that it means in this case is that a query was send over UDP ("UDP") with the RD bit cleared ("-") and no OPT record (NOEDNS), like this:

dig +noedns +ignore @2001:503:eea3::30 sportsproducts.net NS

*That* is the query that produced the error (timeout, in this case).  I should also note that other, full-featured queries were tried previously; the tag just focuses on the last and simplest query that resulted in the error, to show that event *that* query couldn't get through.

> From Germany (more specific HE-FRA) I can not reproduce this error.
> 
> From us-mkc (as8560): no problem.

Yup, at the moment, dnsviz.net only provides perspective from a single vantage point.

> 
> Answer size reported by dig: 864 (ds)/ 643 (ns)
> 
> Anyone an idea what is wrong?

I don't know that there's enough information here to determine what the problem is here.  Some servers are not reachable to retrieve critical records (e.g., DS), but that doesn't mean that *all* servers are unreachable.

Casey



More information about the dns-operations mailing list