<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffcc">
Another datapoint:<br>
<br>
dig +dnssec @ns33.domaincontrol.com. replacementservices.com.<br>
<br>
; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec
@ns33.domaincontrol.com. replacementservices.com.<br>
; (1 server found)<br>
;; global options: +cmd<br>
;; connection timed out; no servers could be reached<br>
silver3:~ carlsen$ dig +dnssec replacementservices.com.<br>
<br>
; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec
replacementservices.com.<br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41422<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2<br>
<br>
;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags: do; udp: 4096<br>
;; QUESTION SECTION:<br>
;replacementservices.com. IN A<br>
<br>
;; ANSWER SECTION:<br>
replacementservices.com. 3600 IN A 72.32.12.235<br>
<br>
;; AUTHORITY SECTION:<br>
replacementservices.com. 3600 IN NS ns33.domaincontrol.com.<br>
replacementservices.com. 3600 IN NS ns34.domaincontrol.com.<br>
<br>
;; ADDITIONAL SECTION:<br>
ns33.domaincontrol.com. 3571 IN A 216.69.185.17<br>
<br>
;; Query time: 3297 msec<br>
;; SERVER: 192.168.15.2#53(192.168.15.2)<br>
;; WHEN: Wed Jun 23 19:39:30 2010<br>
;; MSG SIZE rcvd: 136<br>
<br>
silver3:~ carlsen$ dig +dnssec @ns34.domaincontrol.com.
replacementservices.com.<br>
<br>
; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec
@ns34.domaincontrol.com. replacementservices.com.<br>
; (1 server found)<br>
;; global options: +cmd<br>
;; connection timed out; no servers could be reached<br>
<br>
<br>
This could look like a connectivity problem, one of the "interesting"
ones. None of the official NSes will answer my dig, I do however get
answers from my named.<br>
<br>
Dig +trace finds no answer:<br>
<br>
dig +dnssec +trace replacementservices.com.<br>
<br>
; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec +trace
replacementservices.com.<br>
;; global options: +cmd<br>
. 331492 IN NS j.root-servers.net.<br>
. 331492 IN NS d.root-servers.net.<br>
. 331492 IN NS l.root-servers.net.<br>
. 331492 IN NS h.root-servers.net.<br>
. 331492 IN NS b.root-servers.net.<br>
. 331492 IN NS i.root-servers.net.<br>
. 331492 IN NS m.root-servers.net.<br>
. 331492 IN NS g.root-servers.net.<br>
. 331492 IN NS f.root-servers.net.<br>
. 331492 IN NS e.root-servers.net.<br>
. 331492 IN NS k.root-servers.net.<br>
. 331492 IN NS c.root-servers.net.<br>
. 331492 IN NS a.root-servers.net.<br>
. 331492 IN RRSIG NS 8 0 518400 20100628000000
20100620230000 55138 .
JItPMCeKTDTEjDyQgXLxSuxXEP01cA3k3tOlQDMhrCoDqZTrolGpMVAE
dN2+7C9NAKW/dxRcoRvOAaSNRB+xQciHSHBygFaxcnprD+X6eMmS5PI3
wbDo5jyakN/yntzn1pNEoYSR1SD2/Jl2BuwP4N3ermVT3dNFV7u4v/+f x6E=<br>
;; Received 441 bytes from 192.168.15.2#53(192.168.15.2) in 351 ms<br>
<br>
com. 172800 IN NS a.gtld-servers.net.<br>
com. 172800 IN NS i.gtld-servers.net.<br>
com. 172800 IN NS j.gtld-servers.net.<br>
com. 172800 IN NS h.gtld-servers.net.<br>
com. 172800 IN NS f.gtld-servers.net.<br>
com. 172800 IN NS g.gtld-servers.net.<br>
com. 172800 IN NS b.gtld-servers.net.<br>
com. 172800 IN NS k.gtld-servers.net.<br>
com. 172800 IN NS l.gtld-servers.net.<br>
com. 172800 IN NS c.gtld-servers.net.<br>
com. 172800 IN NS e.gtld-servers.net.<br>
com. 172800 IN NS m.gtld-servers.net.<br>
com. 172800 IN NS d.gtld-servers.net.<br>
com. 86400 IN NSEC coop. NS RRSIG NSEC<br>
com. 86400 IN RRSIG NSEC 8 1 86400 20100629070000
20100622060000 55138 .
HgSWgEehhDAiFJZGH164RXHv+QAE69DFF8QVsIiP+tR3FvSi5aijuv6N
a+ED1Wwj77dZYH0RNCrYrMiB1ct1pQ6p5WTFF5WoLXMVRxLPkRxT/UV7
MsQfqvkkaxWRQfRqHAzBbAeaZKAsGL8FGU1kT6e3AozNcY4dQm/ESzGB vzU=<br>
;; Received 725 bytes from 128.8.10.90#53(d.root-servers.net) in 157 ms<br>
<br>
replacementservices.com. 172800 IN NS ns33.domaincontrol.com.<br>
replacementservices.com. 172800 IN NS ns34.domaincontrol.com.<br>
;; Received 136 bytes from 192.12.94.30#53(e.gtld-servers.net) in 53 ms<br>
<br>
;; connection timed out; no servers could be reached<br>
<br>
<br>
<br>
<br>
On 23/06/10 17:49, Erwin Lansing wrote:
<blockquote cite="mid:20100623154922.GM76036@droso.net" type="cite">
<pre wrap="">On Wed, Jun 23, 2010 at 05:25:31PM +0200, Warren Kumari wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
# dig +dnssec @ns33.domaincontrol.com. replacementservices.com.
</pre>
</blockquote>
<pre wrap="">
Since it's working quite okay for several locations on here, the
problem may be found somewhere in between sites.
I personally don't get any failures with the dig statement from above
no matter how often I try.
</pre>
</blockquote>
<pre wrap="">
<aol>
Me neither! Me neither!
</aol>
I also goes through AboveNet.
</pre>
</blockquote>
<pre wrap="">A few more datapoints. I tried from 4 different AS numbers, two in
Europe, two in the US, two routed via GLBX and two via above. Only one
of them works (via Above). I'm at a loss at finding similarities
between the non-working ones.
-erwin
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
</pre>
</body>
</html>