> >> It seems that m.root-servers.net is now serving DNSSEC, but does not have
> >> TCP, so the following queries all fail
> >
> > Well these queries work just fine for me. Perhaps your problems are caused
> > by local misconfiguration such as a broken CPE/middleware box or DNS proxy?
>
> I think its that its agressively multihomed, and ONE of the instances is not
> working with TCP.
>
> My home net happily lets through anything on port 53, TCP or UDP, and I'm
> seeing the same symptoms, but a little more data:
>
> I think there may be something more wrong with that instance thats causing
> the TCP failures, so it might be something more general:
I definitely see problems with m.root-servers.net and TCP from here
(Oslo, Norway):
% dig any . @202.12.27.33
;; Truncated, retrying in TCP mode.
;; communications error to 202.12.27.33#53: connection reset
% dig +tcp NS . @202.12.27.33
;; communications error to 202.12.27.33#53: connection reset
% dig any . @2001:dc3::35
;; Truncated, retrying in TCP mode -> works, 1895 byte answer
% dig +tcp NS . @2001:dc3::35
works, 632 byte answer
So it looks like the IPv4 instance refuses TCP, while the IPv6 instance
handles it okay. No filters in the way at my end. The m.root-servers.net
instance looks like it is in Paris or thereabouts - but there is quite
a bit of difference between the instances: IPv4 (highly variable ping,
RTT 700 ms or more) and IPv6 (ping steady at RTT 44-45 ms).
% traceroute 202.12.27.33
traceroute to 202.12.27.33 (202.12.27.33), 64 hops max, 40 byte packets
1 ge0-3-1-99.ar1.hmg9.no.cachbone.net (193.75.110.65) 0.412 ms 0.508 ms
0.782 ms
2 ge2-0-2.cr1.xa19.no.catchbone.net (193.75.1.217) 0.626 ms 0.635 ms 0.626
ms
3 te5-1-0.br1.xa19.no.catchbone.net (193.75.1.74) 0.464 ms 0.326 ms 0.287
ms
4 TenGigabitEthernet8-3.ar1.OSL2.gblx.net (64.211.83.13) 0.469 ms 0.476 ms
0.469 ms
5 pos2-0-0-10G.ar1.ARN3.gblx.net (67.17.106.86) 7.328 ms 7.344 ms 7.334 ms
6 tiscali-1.ar1.ARN3.gblx.net (64.208.110.130) 7.340 ms 7.342 ms 7.334 ms
7 xe-4-1-0.par20.ip4.tinet.net (89.149.184.18) 33.077 ms
xe-0-2-0.par20.ip4.tinet.net (89.149.187.193) 33.081 ms
xe-4-1-0.par20.ip4.tinet.net (89.149.184.18) 33.072 ms
8 213.200.76.38 (213.200.76.38) 53.975 ms 42.443 ms 42.284 ms
9 * M.ROOT-SERVERS.NET (202.12.27.33) 180.041 ms 995.786 ms
% traceroute6 2001:dc3::35
traceroute6 to 2001:dc3::35 (2001:dc3::35) from 2001:8c0:8500:1::2, 64 hops
max, 12 byte packets
1 ge0-3-1-99.ar1.hmg9.no.catchbone.net 81.250 ms 0.517 ms 0.502 ms
2 ge2-0-2.cr1.xa19.no.catchbone.net 0.477 ms 0.526 ms 0.475 ms
3 te7-1-0.cr1.fn3.no.catchbone.net 0.647 ms 0.661 ms 0.634 ms
4 te5-3-0.br1.fn3.no.catchbone.net 4.686 ms 0.674 ms 0.631 ms
5 ix-6-0-0.core2.OS1-Oslo.ipv6.as6453.net 0.943 ms 0.819 ms 0.789 ms
6 POS5-0-0.core1.AD1-Amsterdam.ipv6.as6453.net 26.062 ms 25.932 ms 25.914
ms
7 if-1-0-0.1663.core1.FV0-Frankfurt.ipv6.as6453.net 34.651 ms 34.520 ms
34.488 ms
8 POS10-0-0.core1.PV1-Paris.ipv6.as6453.net 43.541 ms 43.726 ms 43.699 ms
9 wide-m-root-server-2.sfinx.tm.fr 43.536 ms 141.217 ms 43.734 ms
10 M.ROOT-SERVERS.NET 44.020 ms 44.348 ms 44.338 ms
Steinar Haug, Nethelp consulting, sth...@nethelp.no
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
