On Thu, Apr 7, 2011 at 8:26 AM, Stephane Bortzmeyer <span dir="ltr"><<a href="mailto:bortzmeyer@nic.fr">bortzmeyer@nic.fr</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Did anyone see this yesterday? Was it a problem in the root or in<br>
DNSviz?<br>
<br></blockquote><div><br>DNSViz reports reachability from its own vantage point. If after
several attempts to query an auth server over UDP it receives no
response, it tries again with lowered max payload size (512). Then, if
after several more tries it still receives no response, it tries again
without EDNS0. In that case, the DO bit is no longer set, and it
certainly won't receive RRSIGs. I haven't looked closely at the issue
yet, but since others have confirmed reachabilities I think that is the
most likely explanation for DNSViz's report, as opposed to RRSIGs simply
not being served by the root server(s). This probably needs more explanation in terms of reporting...<br>
<br>
Casey<br></div></div>