Bad firewall/nameserver behaviour causing timeouts of DNS queries.

Mark Andrews marka at isc.org
Wed Jun 22 06:17:57 UTC 2016


The following nameservers for Alexa top 1M names fail to respond
to EDNS queries with EDNS options specified or fail to respond to
consecutive EDNS queries.  These have been run through the checks
multiple times to reduce the probability of false positives as
timeout can be the due to multiple causes.

For many there are other errors that should also be addressed.

This misbehaviour can cause DNSSEC validation to FAIL when the
servers serve signed zones.

This misbehaviour does result in significantly slower DNS resolution
(multiple seconds).

You can test your servers at https://ednscomp.isc.org/

This is sent here because both SOA and whois contact details are
wrong too often to bother trying to send to these addresses even
if whois was easy to parse.

Please fix your firewalls / nameservers as they are causing operational
problems.

Mark

lb.pagofacil.com.ar lb.pagofacil.com.ar lb.pagofacil.com.ar
server.inet.edu.ar siet.inet.edu.ar ns2.pillar.com.au ns1.agric.wa.gov.au
ns2.agric.wa.gov.au ns3.agric.wa.gov.au ns1.win.be ns2.win.be
ns.ahlia.edu.bh lb3.ache.com.br ns2.bibliomed.com.br
ns3.caixaseguros.com.br sdccd01.light.com.br ns1.poupex.com.br
ns3.poupex.com.br ns1.semparar.com.br ns2.semparar.com.br
creaprw12.crea-pr.org.br dns5.allstate.ca ns1.bellnhs.ca ns3.bellnhs.ca
ns5.bellnhs.ca ns1.cpr.ca ns2.cpr.ca ns1.cnsc-ccsn.gc.ca
ns2.cnsc-ccsn.gc.ca ns1.knowledgeone.ca ns2.knowledgeone.ca ns3.mmms.ca
gemini.hrsb.ns.ca ns.city.windsor.on.ca ns2.city.windsor.on.ca
ns1.thomascookgroup.ca ns2.thomascookgroup.ca ns1.bger.ch ns2.bger.ch
dn2.1.cl ns.autopistacentral.cl peumo.bancoconsorcio.cl
roble.bancoconsorcio.cl dns.bci.cl dns2.bci.cl ns.subtel.cl
nsaut.tie.cl ns2.sina.com.cn name.srit.com.cn dns.hncj.edu.cn
dns2.hncj.edu.cn dns.hut.edu.cn dns2.hut.edu.cn dns.jju.edu.cn
dns.lit.edu.cn dns.by.gov.cn dns2.gxeea.cn ns1.coscologistics.sh.cn
ariadne.presidencia.gov.co bdpalacio.presidencia.gov.co ns3.360safe.com
ns4.360safe.com ns5.360safe.com ns2.51dns.com ns8.91989.com
ns9.91989.com ns1.advisorlynx.com ns2.advisorlynx.com ns1.aegis-k.com
ns2.aegis-k.com ns1.affinity-petcare.com ns01.airliquide.com
ns03.airliquide.com ns1.alidns.com ns1.alidns.com ns2.alidns.com
ns2.alidns.com ns2.alidns.com vip1.alidns.com vip1.alidns.com
vip1.alidns.com vip1.alidns.com vip1.alidns.com vip1.alidns.com
vip2.alidns.com vip2.alidns.com vip2.alidns.com vip2.alidns.com
vip2.alidns.com vip2.alidns.com vip2.alidns.com ns1.amaes.com
ns2.amaes.com ns1.amatteroffax.com ns3.amvescap.com ns5.amvescap.com
ns1.arcatapet.com office.arcatapet.com pridns.ascendas.com
ns01.avanade.com ns02.avanade.com ns2.avastkorea.com det.dns.bbdo.com
ns1.bcbsmn.com ns2.bcbsmn.com harris-ns.bcharrispub.com
harris-ns2.bcharrispub.com bor-cp01.borouge.com bvdns.broadviewnet.com
bvdns2.broadviewnet.com ns5.carbonlogic.com ns2.ccmnyc.com
ns1.cmsbiztech.com ns1.corsicaferries.com ns3.corsicaferries.com
ns4.corsicaferries.com ns1.credibanco.com ns2.credibanco.com
cscdnscph002d.csc.com cscdnshyd002d.csc.com cscdnsklm002d.csc.com
cscdnsmds002d.csc.com cscdnsnoi002d.csc.com cscdnssng002d.csc.com
palladium.csc.com wserver.cyberdental.com webmail.dbfsindia.com
ns1.deseretdigital.com ns2.deseretdigital.com huey.disney.com
huey11.disney.com a.dnspod.com a.dnspod.com c.dnspod.com c.dnspod.com
ns1.dnsv2.com ns1.dnsv2.com ns1.dnsv2.com ns1.dnsv2.com ns1.dnsv2.com
ns2.dnsv2.com ns2.dnsv2.com ns2.dnsv2.com ns2.dnsv2.com ns1.dnsv3.com
ns1.dnsv3.com ns1.dnsv3.com ns1.dnsv3.com ns1.dnsv3.com ns1.dnsv3.com
ns2.dnsv3.com ns2.dnsv3.com ns1.dnsv4.com ns1.dnsv4.com ns1.dnsv4.com
ns1.dnsv4.com ns1.dnsv4.com ns2.dnsv4.com ns2.dnsv4.com ns2.dnsv4.com
ns2.dnsv4.com ns2.dnsv4.com ns2.dnsv4.com ns2.dnsv4.com ns1.dnsv5.com
ns1.dnsv5.com ns1.dnsv5.com ns1.dnsv5.com ns1.dnsv5.com ns1.dnsv5.com
ns1.dnsv5.com ns1.dnsv5.com ns1.dnsv5.com ns2.dnsv5.com ns2.dnsv5.com
ns2.dnsv5.com ns2.dnsv5.com ns2.dnsv5.com ns2.dnsv5.com ns2.dnsv5.com
ns2.dnsv5.com ns2.dnsv5.com ns03.dominos.com ns04.dominos.com
ns05.dominos.com ns1.dynalifedx.com ns1.dynamex.com ns2.dynamex.com
name1.eidebailly.com name2.eidebailly.com ns1.evaair.com ns2.evaair.com
ns3.evaair.com ns4.evaair.com ns.excodaegu.com ns.fanforum.com
ns1.fanforum.com leo.generator.com ns1.gesnetwork.com
ns01.globalexchangetechnology.com ns02.globalexchangetechnology.com
gtmgrin.gmrc.com gtmnew.gmrc.com ns3.gmrc.com ns4.gmrc.com
ns2.greensburgdailynews.com dns.heffel.com dns1.hichina.com
dns1.hichina.com dns1.hichina.com dns10.hichina.com dns10.hichina.com
dns10.hichina.com dns11.hichina.com dns11.hichina.com dns11.hichina.com
dns13.hichina.com dns13.hichina.com dns13.hichina.com dns14.hichina.com
dns14.hichina.com dns14.hichina.com dns17.hichina.com dns17.hichina.com
dns18.hichina.com dns18.hichina.com dns2.hichina.com dns2.hichina.com
dns21.hichina.com dns21.hichina.com dns21.hichina.com dns22.hichina.com
dns22.hichina.com dns22.hichina.com dns25.hichina.com dns25.hichina.com
dns25.hichina.com dns26.hichina.com dns26.hichina.com dns26.hichina.com
dns29.hichina.com dns29.hichina.com dns29.hichina.com dns30.hichina.com
dns30.hichina.com dns30.hichina.com expirens3.hichina.com
expirens4.hichina.com ns1.hichina.com ns1.hichina.com ns1.hichina.com
ns2.hichina.com ns2.hichina.com ns2.hichina.com dns-na-1.hill-rom.com
dns-na-2.hill-rom.com dns-na-3.hill-rom.com dns5.hkinventory.com
ns2.webhost.hm-software.com ns1.hotelbb.com ns10.huntington.com
ns11.huntington.com ns12.huntington.com ns13.huntington.com ns.ied.com
dns3.ifrontiers.com ns2.illumen.com ns1.inet-svcs.com ns2.inet-svcs.com
ns4a.inet-web.com ukdns.integralis.com dns3.integramed.com
ns2.jaxsheriff.com dns1.k-line.com ns1.kds.com ns2.kds.com
dns2.kline.com ns.krunis.com ns.kumkang.com labattdns2.labattfood.com
ns3.lallemand.com ns4.lallemand.com ns5.lfg.com ns6.lfg.com
gltb-ns1.srv.lukoil.com gltb-ns2.srv.lukoil.com mbsii2.mbsii.com
fox2.mightyautoparts.com ftp.munichreamerica.com dns2.mysteel.com
ns1.nameaction.com ns2.nameaction.com ns2.namesv.com dns.neovi.com
ns3.nextsite.com ns1.nhimidwest.com oss.oss.com ns1.page-az.com
capital1.pantavanij.com slmns1.paymentech.com tamns1.paymentech.com
webserver.pcgitaly.com ah-ns.plex.com dv-ns.plex.com mail.ppe.com
w5.ppe.com ns.procuebynet.com ns2.project-la.com ns4.regalhotel.com
ns1lo6.reutersmedia.reuters.com ns1nj.reutersmedia.reuters.com
ns2lo6.reutersmedia.reuters.com ns2nj.reutersmedia.reuters.com
ns1.samudera.com southern1.scsnet.com southern2.scsnet.com
ns4.seacomnet.com lp1000r-10194.admin.sfhs.com dns1.shift4.com
dns2.shift4.com gtm.shlegal.com skyserver.skycode.com smans1.smaportal.com
vm01.splendidlive.com ns1.sterling-intl.com ns2.sterling-intl.com
ns1.techdev.com ns2.techdev.com dns1.teldat.com dnsserver.teldat.com
mx1.telmar.com ns1.thronecomputer.com ns03.toolwire.com ns04.toolwire.com
ns0.topgayblacksites.com ns1.tranguard.com ns3.tranguard.com
ns2.travelbrands.com cloud3.triara.com ns1.twglobalmall.com
jinx.ucbiz.com ns1.urix.com ns2.urix.com nschs.virgin-atlantic.com
nsrhl.virgin-atlantic.com ns2.welcodns.com bri-ns01.wiley.com
ns1.williams.com ns2.williams.com ns1.wiredviews.com web.wlio.com
ns1.yourmortgageonline.com ns2.yourmortgageonline.com dns3.zeleris.com
ns3.bccr.fi.cr ns4.bccr.fi.cr ns1.network.cr ns2.network.cr
aragorn.autocont.cz ns.forpsi.cz ns.profireal.cz ns2.profireal.cz
ns1.euv-frankfurt-o.de ns2.euv-frankfurt-o.de dns.ipsos.de
ns1.suedkurier.de ns2.suedkurier-medienhaus.de dns.webtop.de
dnskm.univ-km.dz lomanegra.jardinazuayo.fin.ec ns1.amberton.edu
ns1.contracosta.edu ns1.gptc.edu ns1.malone.edu ns2.malone.edu
ns5.regent.edu ns.sabanciuniv.edu ns2.sabanciuniv.edu muser252.scciowa.edu
ns2.sidwell.edu dns.dpz.es ns2.interdigital.es crea.rae.es ns9.rae.es
dns.registromercantilbcn.es ns2.tko.fi nimi1.website.fi nimi2.website.fi
antares.c-strasbourg.fr erlwbi.interflora.fr
proxy1-rech.univ-valenciennes.fr pulsar.univ-valenciennes.fr
titan.univ-valenciennes.fr ns1.hamiltontn.gov rembrandt.masoutis.gr
gslb1.tigo.com.gt gslb2.tigo.com.gt ns2.adsale.com.hk ns1.skhsslmc.edu.hk
dns.matica.hr dns.plavalaguna.hr dante.univet.hu ns1.dnk.net.id
ns1.lgcsb.ie ns2.lgcsb.ie ns1.modata.ie ns1.nethost.co.il
ns2.nethost.co.il jbs.ac.in pdns.sit.ac.in ns1.axisbank.co.in
ns1.tmc.gov.in ns2.tmc.gov.in ns1.teri.res.in ns2.teri.res.in
ns1.idro.ir ns2.idro.ir ns1.isipo.ir ns1.audit.org.ir ns1.imo.org.ir
dns.biesse.it dns.careca.it sct2.carontetourist.it dns.cpsoftware.it
ns2.invisiblesite.it alfaterna.nuceria.it ns.sevenlab.it dns.gtt.torino.it
cap.tuins.ac.jp dns-x.sinet.ad.jp dns2.aoshima-bk.co.jp ns.kew.co.jp
juno.ntt-itn.co.jp vesta.ntt-itn.co.jp ns.santec.co.jp
ns.toshiba-carrier.co.jp dns.mcinc.jp ns.hkr.ne.jp dns1.jcc.ne.jp
ns01.netcoms.ne.jp ns.netsjapan.jp ns2.awa.or.jp lbdn.occto.or.jp
lbdn2.occto.or.jp july.river.sun-inet.or.jp sakura.unep.or.jp
pbant2.pba.jp pbant2.pba.jp dns2.ysu.ac.kr ns.carz.co.kr
astra02.coreana.co.kr ns.kcm.co.kr ns.zakon.kz ns1.customs.gov.lk
ns1.sliit.lk relay.cail.lu dns3.bkam.ma smtp-dns.douane.gov.ma
dns1.onssa.gov.ma dns.dicj.gov.mo dns0.anahuac.mx dns1.anahuac.mx
ns1.atento.com.mx dns1.hdi.com.mx ns2.hdi.com.mx dns.segurosatlas.com.mx
ns1.tvsa.com.mx dca.cu.uabjo.mx ns.uabjo.mx aldebaran.2m-equation.net
ns2.a-o-b.net ns.access-accounts.net ns2.autodata.net mail.brtk.net
ns2.cengage.net dnssdc.dagangnet.net ns1.digitalimpact.net
ns2.digitalimpact.net bizcn1.dnspod.net bizcn1.dnspod.net
bizcn1.dnspod.net bizcn1.dnspod.net bizcn2.dnspod.net bizcn2.dnspod.net
dns12.duckwood.net dns20.duckwood.net ns1.ecolon.net ns1.ecsd.net
cobra.endless.net cebudns.epldt.net enyo2.ez2.net ns.forpsi.net
pro2.gfdns.net dns1.hemsida.net ns1.host-web.net dns2.hostingsolutions.net
ns1.knibs.net dev.labellum.net dns01.mathbox.net ns1.netlinksys.net
ns30.netsupport.net ns2.oxi.net ns3.pasporte.net ns4.pasporte.net
ns01.reyrey.net ns02.reyrey.net ns2.rj2t.net ns1.safetyhost.net
dns1.sge.net dns2.sge.net dns3.sge.net dns4.sge.net ns.telanet.net
ns-amers-1.thomsonreuters.net ns-amers-2.thomsonreuters.net
ns-apac-1.thomsonreuters.net ns-apac-2.thomsonreuters.net
ns-emea-1.thomsonreuters.net ns-emea-2.thomsonreuters.net ns4.traddns.net
ns1.vologic.net ns2.vologic.net ns6.wgn.net ns3.xodeportal.net
ns4.xodeportal.net ss-ns02.infocare.no ns01.prioritytelecom.no
ns1.spsor.no ns2.spsor.no ns.freightways.co.nz dns1.clear.net.nz
dns2.clear.net.nz kirsty.paradise.net.nz rachel.paradise.net.nz
ns1.abp.org mc-dc-gtm1.act.org mc-dc-gtm2.act.org ns1.ecusd7.org
ns1.jaxsheriff.org ns2.jcboe.org dc1gtm01.mercywny.org
dc2gtm01.mercywny.org dns1.mkcl.org ns1.mozilla.org trl-dns1.tricore.org
reinberger.wrhs.org dns1.dge.gob.pe ns1.asiaunited.com.ph
ns1.asiaunited.com.ph ns2.asiaunited.com.ph ns2.aub.com.ph
ns1.cityschoolnetwork.edu.pk ns0.bdm.com.pl ns2.am.szczecin.pl
ns.aip.pt anje01.anje.pt ns2.drealentejo.pt ns3.drealentejo.pt
ns1.ipad.mne.gov.pt farolim.min-edu.pt ns1.qiib.com.qa ns2.qiib.com.qa
ns1.mfinante.ro ns2.mfinante.ro ns2.550550.ru ns2.croc.ru ns1.izh.ru
ns2.izh.ru ns01.nakolesah.ru ns1.primbank.ru ns2.primbank.ru
santa.veb.ru ns.securityservice.se pridns.dlink.com.sg pridns.stee.com.sg
secdns.stee.com.sg merlion.iseas.edu.sg merlion2.iseas.edu.sg
ns.aktifbank.com.tr ns.mngturizm.com.tr ns1.sarar.com.tr ns2.sarar.com.tr
ns.kepez-bld.gov.tr inter-dns.mfa.gov.tr inter2-dns.mfa.gov.tr
ns10.is.net.tr ns3.is.net.tr istasr.isbank.net.tr alfa.atso.org.tr
beta.atso.org.tr cmgcdns.china-motor.com.tw ns1.clco.com.tw
dnsc.credit.com.tw dns2.fullon-hotels.com.tw dns1.gigatms.com.tw
dns1.him.com.tw dns1.himax.com.tw dns2.himax.com.tw sunntb.infiniti.com.tw
dns.investor.com.tw dns1.krtco.com.tw dns2.krtco.com.tw
ns1.luxgen-motor.com.tw ns2.luxgen-motor.com.tw idc-dns1.megasec.com.tw
dns.scsb.com.tw dns1.tkbtv.com.tw ymtadc01.yamaha-motor.com.tw
ymtadc02.yamaha-motor.com.tw acts.pct.org.tw lcotextdns.leeds-lcot.ac.uk
unixa.nerc-swindon.ac.uk muppet.s-cheshire.ac.uk ns2.uxbridge.ac.uk
ns1.skipton.co.uk ns2.skipton.co.uk ns2.smartkonect.co.uk
ns-f5-01.spicerhaart.co.uk ns-f5-02.spicerhaart.co.uk
smodns01.hackney.gov.uk ns.forpsi.us dl9rv21.ldol.state.la.us
ns1.mcps.k12.md.us ns2.mcps.k12.md.us ns1.pacourts.us ns2.pacourts.us
dns1.pittcounty.us dns2.pittcounty.us cronos.scotiabank.com.uy
hestia.scotiabank.com.uy cedns.corteelectoral.gub.uy lancelot.dgr.gub.uy
ingenio03.latu.org.uy dns1.hnue.edu.vn

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka at isc.org

------- End of Forwarded Message



More information about the NANOG mailing list