in-addr.arpa server problems for europe?

Michelle Sullivan matthew at sorbs.net
Tue Feb 16 07:16:18 UTC 2010


Mark Andrews wrote:
> In message <87iq9ys512.fsf at mid.deneb.enyo.de>, Florian Weimer writes:
>   
>> * Stephane Bortzmeyer:
>>
>>     
>>> It is highly improbable that all these name servers are unreachable
>>> from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
>>> zones are signed with DNSSEC. Are you sure you do not have a broken
>>> middlebox which deletes DNSSEC-signed answers?
>>>       
>> Ahem. dig's +trace doesn't use EDNS by default, so no signatures and
>> (usually) no large responses.
>>     
>
> I actually suspect no IPv6 path rather than DNSSEC, add a -4 to force IPv4.
>   

And that is the solution!


(and I upgraded the resolver on all the machines to 9.6.1-P1 before
getting that far.)


Thanks,

Michelle




