nanog mailing list archives

Re: Am I the only one who thinks this is disconcerting?


From: owen--- via NANOG <nanog () nanog org>
Date: Wed, 8 Nov 2023 11:25:38 -0800



On Nov 7, 2023, at 23:09, Bryan Fields <Bryan () bryanfields net> wrote:

On 11/8/23 1:29 AM, Owen DeLong via NANOG wrote:
https://dnsviz.net/d/10.159.192.in-addr.arpa/dnssec/
Seems to report a bunch of errors in the DS records for 192.in-addr.arpa held in the in-addr.arpa zone.
I figured I’d wait a few days and try again the first few times I encountered this, but it’s persisted for more than 
two weeks now.

Could these be related to the fact that dnsviz.net is trying to reach these servers via IPv6 and I think they use 
Hurricane for transit.  Since HE and Cogent is a major gap, this causes them to time out trying to reach the C root 
server over IPv6.


It could well be… I haven’t tried to research the hosting of the dnsviz.net web server I’m 
connecting to and I don’t know anything about how their backend is structured (whether it’s on the same server or 
somewhere else, for example).

However, c.root-servers.net is not the problem being reported. The servers that provide 
the zone in question are (reportedly):

arpa.                   84508   IN      NS      a.ns.arpa.
arpa.                   84508   IN      NS      b.ns.arpa.
arpa.                   84508   IN      NS      c.ns.arpa.
arpa.                   84508   IN      NS      d.ns.arpa.
arpa.                   84508   IN      NS      e.ns.arpa.
arpa.                   84508   IN      NS      f.ns.arpa.
arpa.                   84508   IN      NS      g.ns.arpa.
arpa.                   84508   IN      NS      h.ns.arpa.
arpa.                   84508   IN      NS      i.ns.arpa.
arpa.                   84508   IN      NS      k.ns.arpa.
arpa.                   84508   IN      NS      l.ns.arpa.
arpa.                   84508   IN      NS      m.ns.arpa.

c.ns.arpa does share an IPv6 address with c.root-servers.net, however, so yes, the Cogent 
peering issue could be part of it.

Seems irresponsible to me that a root-server (or other critical DNS provider) would engage in a peering war to the 
exclusion of workable DNS.

Owen

