nanog mailing list archives
Re: in-addr.arpa server problems for europe?
From: Michelle Sullivan <matthew () sorbs net>
Date: Tue, 16 Feb 2010 08:16:18 +0100
Mark Andrews wrote:
In message <87iq9ys512.fsf () mid deneb enyo de>, Florian Weimer writes:* Stephane Bortzmeyer:It is highly improbable that all these name servers are unreachable from you. Therefore, I suspect that *content* is the issue. RIPE-NCC zones are signed with DNSSEC. Are you sure you do not have a broken middlebox which deletes DNSSEC-signed answers?Ahem. dig's +trace doesn't use EDNS by default, so no signatures and (usually) no large responses.I actually suspect no IPv6 path rather than DNSSEC, add a -4 to force IPv4.
And that is the solution! (and I upgraded the resolver on all the machines to 9.6.1-P1 before getting that far.) Thanks, Michelle
Current thread:
- Re: in-addr.arpa server problems for europe?, (continued)
- Re: in-addr.arpa server problems for europe? Seth Mattinen (Feb 15)
- Re: in-addr.arpa server problems for europe? Steven Bellovin (Feb 15)
- RE: in-addr.arpa server problems for europe? Mark Scholten (Feb 15)
- Re: in-addr.arpa server problems for europe? Mark Andrews (Feb 15)
- RE: in-addr.arpa server problems for europe? Mark Scholten (Feb 15)
- Re: in-addr.arpa server problems for europe? Mark Andrews (Feb 15)
- Re: in-addr.arpa server problems for europe? Joly MacFie (Feb 15)
- Re: in-addr.arpa server problems for europe? Mark Andrews (Feb 15)
- Re: in-addr.arpa server problems for europe? Mark Andrews (Feb 15)
- Re: in-addr.arpa server problems for europe? Michelle Sullivan (Feb 15)