nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: in-addr.arpa server problems for europe?

From: "Mark Scholten" <mark () streamservice nl>
Date: Mon, 15 Feb 2010 13:12:55 +0100



-----Original Message-----
From: Stephane Bortzmeyer [mailto:bortzmeyer () nic fr]
Sent: Monday, February 15, 2010 12:58 PM
To: Michelle Sullivan
Cc: NANOG list
Subject: Re: in-addr.arpa server problems for europe?

On Mon, Feb 15, 2010 at 10:22:17AM +0100,
 Michelle Sullivan <matthew () sorbs net> wrote
 a message of 185 lines which said:


213.in-addr.arpa.       86400   IN      NS      NS-PRI.RIPE.NET.
213.in-addr.arpa.       86400   IN      NS      NS3.NIC.FR.
213.in-addr.arpa.       86400   IN      NS      SUNIC.SUNET.SE.
213.in-addr.arpa.       86400   IN      NS      SNS-PB.ISC.ORG.
213.in-addr.arpa.       86400   IN      NS      SEC1.APNIC.NET.
213.in-addr.arpa.       86400   IN      NS      SEC3.APNIC.NET.
213.in-addr.arpa.       86400   IN      NS      TINNIE.ARIN.NET.
;; Received 224 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in

20011 ms


;; connection timed out; no servers could be reached


It is highly improbable that all these name servers are unreachable
from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
zones are signed with DNSSEC. Are you sure you do not have a broken
middlebox which deletes DNSSEC-signed answers?

(I tried from an US/Datotel/Level3 machine and everything works.)



Solution: stop using DNSSEC or checking for DNSSEC. If you think it is
usefull: look for everything that could have an impact on it.
Previous By Date Next
Previous By Thread Next

Current thread: