in-addr.arpa server problems for europe?

Michelle Sullivan matthew at sorbs.net
Mon Feb 15 06:40:31 CST 2010


Michelle Sullivan wrote:
> Stephane Bortzmeyer wrote:
>   
>> On Mon, Feb 15, 2010 at 10:22:17AM +0100,
>>  Michelle Sullivan <michelle at sorbs.net> wrote 
>>  a message of 185 lines which said:
>>
>>   
>>     
>>> 213.in-addr.arpa.       86400   IN      NS      NS-PRI.RIPE.NET.
>>> 213.in-addr.arpa.       86400   IN      NS      NS3.NIC.FR.
>>> 213.in-addr.arpa.       86400   IN      NS      SUNIC.SUNET.SE.
>>> 213.in-addr.arpa.       86400   IN      NS      SNS-PB.ISC.ORG.
>>> 213.in-addr.arpa.       86400   IN      NS      SEC1.APNIC.NET.
>>> 213.in-addr.arpa.       86400   IN      NS      SEC3.APNIC.NET.
>>> 213.in-addr.arpa.       86400   IN      NS      TINNIE.ARIN.NET.
>>> ;; Received 224 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 20011 ms
>>>
>>> ;; connection timed out; no servers could be reached
>>>     
>>>       
>> It is highly improbable that all these name servers are unreachable
>> from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
>> zones are signed with DNSSEC. Are you sure you do not have a broken
>> middlebox which deletes DNSSEC-signed answers?
>>
>> (I tried from an US/Datotel/Level3 machine and everything works.)
>>
>>
>>   
>>     
>
> Thanks... F**Kin' PIXs!
>   


Then again....

michelle at enigma:~$ dig +trace +bufsize=512 -x 81.255.164.225

; <<>> DiG 9.3.3 <<>> +trace +bufsize=512 -x 81.255.164.225
;; global options:  printcmd
.            352606    IN    NS    L.ROOT-SERVERS.NET.
.            352606    IN    NS    M.ROOT-SERVERS.NET.
.            352606    IN    NS    A.ROOT-SERVERS.NET.
.            352606    IN    NS    B.ROOT-SERVERS.NET.
.                352606    IN    NS    C.ROOT-SERVERS.NET.
.            352606    IN    NS    D.ROOT-SERVERS.NET.
.            352606    IN    NS    E.ROOT-SERVERS.NET.
.            352606    IN    NS    F.ROOT-SERVERS.NET.
.            352606    IN    NS    G.ROOT-SERVERS.NET.
.            352606    IN    NS    H.ROOT-SERVERS.NET.
.            352606    IN    NS    I.ROOT-SERVERS.NET.
.            352606    IN    NS    J.ROOT-SERVERS.NET.
.            352606    IN    NS    K.ROOT-SERVERS.NET.
;; Received 511 bytes from 111.125.160.132#53(111.125.160.132) in 1 ms

81.in-addr.arpa.    86400    IN    NS    SNS-PB.ISC.ORG.
81.in-addr.arpa.    86400    IN    NS    TINNIE.ARIN.NET.
81.in-addr.arpa.    86400    IN    NS    NS3.NIC.FR.
81.in-addr.arpa.    86400    IN    NS    SEC1.APNIC.NET.
81.in-addr.arpa.    86400    IN    NS    SEC3.APNIC.NET.
81.in-addr.arpa.    86400    IN    NS    SUNIC.SUNET.SE.
81.in-addr.arpa.    86400    IN    NS    NS-PRI.RIPE.NET.
;; Received 235 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 179 ms

;; connection timed out; no servers could be reached

michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @NS3.NIC.FR

; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @NS3.NIC.FR
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52112
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
255.81.in-addr.arpa.    172800    IN    NS    proof.rain.fr.
255.81.in-addr.arpa.    172800    IN    NS    ns.ripe.net.
255.81.in-addr.arpa.    172800    IN    NS    bow.rain.fr.

;; ADDITIONAL SECTION:
ns.ripe.net.        172800    IN    A    193.0.0.193
ns.ripe.net.        172800    IN    AAAA    2001:610:240:0:53::193

;; Query time: 320 msec
;; SERVER: 192.134.0.49#53(192.134.0.49)
;; WHEN: Mon Feb 15 23:37:36 2010
;; MSG SIZE  rcvd: 170

michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @SEC3.APNIC.NET

; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @SEC3.APNIC.NET
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32853
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
255.81.in-addr.arpa.    172800    IN    NS    ns.ripe.net.
255.81.in-addr.arpa.    172800    IN    NS    bow.rain.fr.
255.81.in-addr.arpa.    172800    IN    NS    proof.rain.fr.

;; Query time: 200 msec
;; SERVER: 202.12.28.140#53(202.12.28.140)
;; WHEN: Mon Feb 15 23:29:41 2010
;; MSG SIZE  rcvd: 126

michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @ns.ripe.net. 

; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @ns.ripe.net.
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1316
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
164.255.81.in-addr.arpa. 3600    IN    NS    proof.rain.fr.
164.255.81.in-addr.arpa. 3600    IN    NS    bow.rain.fr.

;; Query time: 322 msec
;; SERVER: 193.0.0.193#53(193.0.0.193)
;; WHEN: Mon Feb 15 23:30:03 2010
;; MSG SIZE  rcvd: 101

michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @proof.rain.fr.

; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @proof.rain.fr.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5704
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
225.164.255.81.in-addr.arpa. 3600 IN    PTR    mail.pharaon.fr.

;; AUTHORITY SECTION:
164.255.81.in-addr.arpa. 3600    IN    NS    194.51.3.65.
164.255.81.in-addr.arpa. 3600    IN    NS    bow.rain.fr.

;; ADDITIONAL SECTION:
bow.rain.fr.        83600    IN    A    194.51.3.49

;; Query time: 326 msec
;; SERVER: 194.51.3.65#53(194.51.3.65)
;; WHEN: Mon Feb 15 23:30:14 2010
;; MSG SIZE  rcvd: 149

michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @bow.rain.fr.

; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @bow.rain.fr.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22282
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
225.164.255.81.in-addr.arpa. 3600 IN    PTR    mail.pharaon.fr.

;; AUTHORITY SECTION:
164.255.81.in-addr.arpa. 3600    IN    NS    194.51.3.65.
164.255.81.in-addr.arpa. 3600    IN    NS    bow.rain.fr.

;; ADDITIONAL SECTION:
bow.rain.fr.        83600    IN    A    194.51.3.49

;; Query time: 340 msec
;; SERVER: 194.51.3.49#53(194.51.3.49)
;; WHEN: Mon Feb 15 23:30:54 2010
;; MSG SIZE  rcvd: 149

michelle at enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @SNS-PB.ISC.ORG

; <<>> DiG 9.3.3 <<>> +bufsize=4096 -x 81.255.164.225 @SNS-PB.ISC.ORG
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9273
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
255.81.in-addr.arpa.    172800    IN    NS    bow.rain.fr.
255.81.in-addr.arpa.    172800    IN    NS    ns.ripe.net.
255.81.in-addr.arpa.    172800    IN    NS    proof.rain.fr.

;; ADDITIONAL SECTION:
ns.ripe.net.        172800    IN    A    193.0.0.193
ns.ripe.net.        172800    IN    AAAA    2001:610:240:0:53::193

;; Query time: 183 msec
;; SERVER: 192.5.4.1#53(192.5.4.1)
;; WHEN: Mon Feb 15 23:31:20 2010
;; MSG SIZE  rcvd: 170

michelle at enigma:~$ dig -x 81.255.164.225 @SNS-PB.ISC.ORG

; <<>> DiG 9.3.3 <<>> -x 81.255.164.225 @SNS-PB.ISC.ORG
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2301
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 2

;; QUESTION SECTION:
;225.164.255.81.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
255.81.in-addr.arpa.    172800    IN    NS    bow.rain.fr.
255.81.in-addr.arpa.    172800    IN    NS    proof.rain.fr.
255.81.in-addr.arpa.    172800    IN    NS    ns.ripe.net.

;; ADDITIONAL SECTION:
ns.ripe.net.        172800    IN    A    193.0.0.193
ns.ripe.net.        172800    IN    AAAA    2001:610:240:0:53::193

;; Query time: 183 msec
;; SERVER: 192.5.4.1#53(192.5.4.1)
;; WHEN: Mon Feb 15 23:31:37 2010
;; MSG SIZE  rcvd: 159

michelle at enigma:~$ dig +trace +bufsize=4096 -x
81.255.164.225               

; <<>> DiG 9.3.3 <<>> +trace +bufsize=4096 -x 81.255.164.225
;; global options:  printcmd
.            352340    IN    NS    H.ROOT-SERVERS.NET.
.            352340    IN    NS    I.ROOT-SERVERS.NET.
.            352340    IN    NS    J.ROOT-SERVERS.NET.
.            352340    IN    NS    K.ROOT-SERVERS.NET.
.            352340    IN    NS    L.ROOT-SERVERS.NET.
.            352340    IN    NS    M.ROOT-SERVERS.NET.
.            352340    IN    NS    A.ROOT-SERVERS.NET.
.            352340    IN    NS    B.ROOT-SERVERS.NET.
.            352340    IN    NS    C.ROOT-SERVERS.NET.
.            352340    IN    NS    D.ROOT-SERVERS.NET.
.            352340    IN    NS    E.ROOT-SERVERS.NET.
.            352340    IN    NS    F.ROOT-SERVERS.NET.
.            352340    IN    NS    G.ROOT-SERVERS.NET.
;; Received 643 bytes from 111.125.160.132#53(111.125.160.132) in 1 ms

81.in-addr.arpa.    86400    IN    NS    NS3.NIC.FR.
81.in-addr.arpa.    86400    IN    NS    SEC1.APNIC.NET.
81.in-addr.arpa.    86400    IN    NS    SEC3.APNIC.NET.
81.in-addr.arpa.    86400    IN    NS    SUNIC.SUNET.SE.
81.in-addr.arpa.    86400    IN    NS    NS-PRI.RIPE.NET.
81.in-addr.arpa.    86400    IN    NS    SNS-PB.ISC.ORG.
81.in-addr.arpa.    86400    IN    NS    TINNIE.ARIN.NET.
;; Received 235 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 178 ms

;; connection timed out; no servers could be reached



... what am I missing?  (Set the PIX v7.2.1 to allow DNS upto 4096 bytes
- results are the same before and after)

Note: As far as I know lookups from this server worked until around Sept
09, the hosts changed from 203.15.51.32/27 to 111.125.160.129/26 at this
time, they have been failing since.

Thanks,

Michelle




More information about the NANOG mailing list