"thanks for letting us know, a fix for v4 is in the works” :-)
Note: I am no longer allowed to play with our electrical equipment, I can only wield a small stick. Which I have done…. On May 28, 2015, at 5:40 AM, Joe Abley <jab...@hopcount.ca> wrote: > > > On 27 May 2015, at 20:40, Warren Kumari wrote: > >> On Wed, May 27, 2015 at 3:02 PM, Joe Abley <jab...@hopcount.ca> wrote: >>> >>> >>> On 27 May 2015, at 19:14, Warren Kumari wrote: >>> >>>>> For what it's worth, I have no problem getting a reasonable (negative) >>>>> response to ACCOUNTANT/IN/TLSA or SOMETHING.ACCOUNTANT/IN/TLSA from >>>>> 156.154.144.195 with EDNS0.DO=1 or without EDNS0. Perhaps I'm special :-) >> >> Yah, /I/ know you are special -- but I don't know how 156.154.144.195 >> knows you are. > > I think I must have been referring to the server using its name, which caused > dig to use IPv6. I also see timeouts on IPv4. Full dig output included this > time, to satisfy Warren's great thirst for cut and paste. > > Just goes to show, IPv6 is better. :-) > > These are Neustar-hosted zones. Surely there are still Neustar people on this > list who can say "thanks for letting us know, a fix for v4 is in the works". > > > Joe > > [scallop:~]% dig @ns1.dns.nic.accountant. accountant. tlsa +noedns > > ; <<>> DiG 9.8.3-P1 <<>> @ns1.dns.nic.accountant. accountant. tlsa +noedns > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62146 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;accountant. IN TLSA > > ;; AUTHORITY SECTION: > accountant. 7200 IN SOA ns1.dns.nic.accountant. > hostmaster.neustar.biz. 189 900 900 604800 86400 > > ;; Query time: 71 msec > ;; SERVER: 2610:a1:1071::c3#53(2610:a1:1071::c3) > ;; WHEN: Thu May 28 10:35:33 2015 > ;; MSG SIZE rcvd: 98 > > [scallop:~]% dig @ns1.dns.nic.accountant. accountant. tlsa +dnssec > > ; <<>> DiG 9.8.3-P1 <<>> @ns1.dns.nic.accountant. accountant. tlsa +dnssec > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4456 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 65235 > ;; QUESTION SECTION: > ;accountant. IN TLSA > > ;; AUTHORITY SECTION: > accountant. 7200 IN SOA ns1.dns.nic.accountant. > hostmaster.neustar.biz. 189 900 900 604800 86400 > accountant. 86400 IN NSEC *.accountant. A NS SOA MX TXT > SRV RRSIG NSEC DNSKEY > accountant. 7200 IN RRSIG SOA 8 1 7200 20150619085628 > 20150520075628 28309 accountant. > P3V+Bfo7JNkH207xoHvboXcIhW9Dulr0YUSMAqllEyepd0ms8Al8Tjs2 > TjIcENJbPA5iBwOZzpW5P2fjsq/jWp02aaOMjqRCRNraPRJD4fGxDtx8 > 4ex06Ysp6sOtFRssaCb4BJZ4kvdizCR64RuQdO56shP1AY5+BSKdBby/ tzU= > accountant. 86400 IN RRSIG NSEC 8 1 86400 20150619082936 > 20150520075628 28309 accountant. > Yt28u6y0wz+g2L90l/nP7HsmCdzGJ33Pf7+4277PKvLZIdyn+ksR4Rw8 > //3ZgSIn/59P0ZlV5qGh+xlKdOCoh0gMHjXHQkvtXByI5HIg/tXvRA22 > bCbcdHFujBy8WHKZQH6G0UAe+IkpEkMVwIFzSZs+5v1ATNliZUZeP9/C 4R0= > > ;; Query time: 102 msec > ;; SERVER: 2610:a1:1071::c3#53(2610:a1:1071::c3) > ;; WHEN: Thu May 28 10:35:44 2015 > ;; MSG SIZE rcvd: 484 > > [scallop:~]% dig @ns1.dns.nic.accountant. something.accountant. tlsa +noedns > > ; <<>> DiG 9.8.3-P1 <<>> @ns1.dns.nic.accountant. something.accountant. tlsa > +noedns > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59291 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;something.accountant. IN TLSA > > ;; AUTHORITY SECTION: > accountant. 7200 IN SOA ns1.dns.nic.accountant. > hostmaster.neustar.biz. 189 900 900 604800 86400 > > ;; Query time: 63 msec > ;; SERVER: 2610:a1:1071::c3#53(2610:a1:1071::c3) > ;; WHEN: Thu May 28 10:35:54 2015 > ;; MSG SIZE rcvd: 108 > > [scallop:~]% dig @ns1.dns.nic.accountant. something.accountant. tlsa +dnssec > > ; <<>> DiG 9.8.3-P1 <<>> @ns1.dns.nic.accountant. something.accountant. tlsa > +dnssec > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33169 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 65235 > ;; QUESTION SECTION: > ;something.accountant. IN TLSA > > ;; AUTHORITY SECTION: > accountant. 7200 IN SOA ns1.dns.nic.accountant. > hostmaster.neustar.biz. 189 900 900 604800 86400 > *.accountant. 86400 IN NSEC NIC.accountant. A MX TXT SRV > RRSIG NSEC > *.accountant. 86400 IN RRSIG NSEC 8 1 86400 20150619082936 > 20150520075628 28309 accountant. > TrjOnCgHxkycajWjg6FW6Q09Udpr7DIQMtRwh+r6ku8dwvUKFvPvJDE2 > XFUkmce3NqcxQHZvRnAhCado7fOtjlMecSiX/t8Ai1dOMoiCVoVpwbJJ > rqZuJnbiJM7bLn8Wqodkx4PXIG8WpgRVSjZ7SQf2/IWpC4E7Y5OIynR7 O24= > accountant. 7200 IN RRSIG SOA 8 1 7200 20150619085628 > 20150520075628 28309 accountant. > P3V+Bfo7JNkH207xoHvboXcIhW9Dulr0YUSMAqllEyepd0ms8Al8Tjs2 > TjIcENJbPA5iBwOZzpW5P2fjsq/jWp02aaOMjqRCRNraPRJD4fGxDtx8 > 4ex06Ysp6sOtFRssaCb4BJZ4kvdizCR64RuQdO56shP1AY5+BSKdBby/ tzU= > > ;; Query time: 68 msec > ;; SERVER: 2610:a1:1071::c3#53(2610:a1:1071::c3) > ;; WHEN: Thu May 28 10:36:09 2015 > ;; MSG SIZE rcvd: 497 > > [scallop:~]% dig -4 @ns1.dns.nic.accountant. accountant. tlsa +noedns > > ; <<>> DiG 9.8.3-P1 <<>> -4 @ns1.dns.nic.accountant. accountant. tlsa +noedns > ; (1 server found) > ;; global options: +cmd > ;; connection timed out; no servers could be reached > [scallop:~]% dig -4 @ns1.dns.nic.accountant. accountant. tlsa +dnssec > > ; <<>> DiG 9.8.3-P1 <<>> -4 @ns1.dns.nic.accountant. accountant. tlsa +dnssec > ; (1 server found) > ;; global options: +cmd > ;; connection timed out; no servers could be reached > [scallop:~]% dig -4 @ns1.dns.nic.accountant. something.accountant. tlsa > +noedns > > ; <<>> DiG 9.8.3-P1 <<>> -4 @ns1.dns.nic.accountant. something.accountant. > tlsa +noedns > ; (1 server found) > ;; global options: +cmd > ;; connection timed out; no servers could be reached > [scallop:~]% dig -4 @ns1.dns.nic.accountant. something.accountant. tlsa > +dnssec > > ; <<>> DiG 9.8.3-P1 <<>> -4 @ns1.dns.nic.accountant. something.accountant. > tlsa +dnssec > ; (1 server found) > ;; global options: +cmd > ;; connection timed out; no servers could be reached > [scallop:~]% > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
