Am I the only one who thinks this is disconcerting?

[email protected] owen at delong.com
Wed Nov 8 19:25:38 UTC 2023 


> On Nov 7, 2023, at 23:09, Bryan Fields <Bryan at bryanfields.net> wrote:
> 
> On 11/8/23 1:29 AM, Owen DeLong via NANOG wrote:
>> https://dnsviz.net/d/10.159.192.in-addr.arpa/dnssec/
>> Seems to report a bunch of errors in the DS records for 192.in-addr.arpa held in the in-addr.arpa zone.
>> I figured I’d wait a few days and try again the first few times I encountered this, but it’s persisted for more than two weeks now.
> 
> Could these be related to the fact that dnsvis.net is trying to reach these servers via IPv6 and I think they use Hurricane for transit.  Since HE and Cogent is a major gap, this causes them to time out trying to reach the C root server over IPv6.
> 

It could well be… I haven’t tried to research the hosting of the dnsviz.net <http://dnsviz.net/> web server I’m connecting to and I don’t know anything about how their backend is structured (whether it’s on the same server or somewhere else, for example).

However, c.root-servers.net <http://c.root-servers.net/> is not the problem being reported. The servers that provide the zone in question are (reportedly):

arpa.                   84508   IN      NS      a.ns.arpa.
arpa.                   84508   IN      NS      b.ns.arpa.
arpa.                   84508   IN      NS      c.ns.arpa.
arpa.                   84508   IN      NS      d.ns.arpa.
arpa.                   84508   IN      NS      e.ns.arpa.
arpa.                   84508   IN      NS      f.ns.arpa.
arpa.                   84508   IN      NS      g.ns.arpa.
arpa.                   84508   IN      NS      h.ns.arpa.
arpa.                   84508   IN      NS      i.ns.arpa.
arpa.                   84508   IN      NS      k.ns.arpa.
arpa.                   84508   IN      NS      l.ns.arpa.
arpa.                   84508   IN      NS      m.ns.arpa.

c.ns.arpa does share an IPv6 address with c.root-servers.net <http://c.root-servers.net/>, however, so yes, the Cogent peering issue could be part of it.

Seems irresponsible to me that a root-server (or other critical DNS provider) would engage in a peering war to the exclusion of workable DNS.

Owen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231108/f769c07d/attachment.html>

More information about the NANOG mailing list