[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
2.0.0.2.ip6.arpa broken
On Sat, Aug 14, 2004 at 09:17:56AM +0100, David Malone wrote:
> 2.0.0.2.ip6.int has become completely unavailable in the last few
> days, resulting in delays for people connecting from 6to4 addresses
> via ssh and the like.
2.0.0.2.ip6.arpa is also broken in all colors.
soa @ns.apnic.net. for ip6.arpa. has serial: 2004071900
soa @ns.icann.org. for ip6.arpa. has serial: 2004071900
soa @ns-sec.ripe.net. for ip6.arpa. has serial: 2004071900
dig @tinnie.arin.net. for SOA of parent (ip6.arpa.) failed
==> tinnie.arin.net IPv6 connectivity is broken:
$ dig @69.25.34.195 ip6.arpa. SOA +short
dns1.icann.org. hostmaster.icann.org. 2004071900 3600 1800 604800 10800
$ dig @2001:440:2000:1::22 ip6.arpa. SOA
; <<>> DiG 9.2.3 <<>> @2001:440:2000:1::22 ip6.arpa. SOA
;; global options: printcmd
;; connection timed out; no servers could be reached
Found 0 NS and 0 glue records for 2.0.0.2.ip6.arpa. @ns.apnic.net. (AUTH)
Found 0 NS and 0 glue records for 2.0.0.2.ip6.arpa. @ns.icann.org. (AUTH)
Found 4 NS and 4 glue records for 2.0.0.2.ip6.arpa. @ns-sec.ripe.net. (AUTH)
DNServers for ip6.arpa.
=== 3 were also authoritatve for 2.0.0.2.ip6.arpa.
=== 0 were non-authoritative for 2.0.0.2.ip6.arpa.
ERROR: Found 2 diff sets of NS records
=== from servers authoritative for 2.0.0.2.ip6.arpa.
WARNING: ns.apnic.net. claims to be authoritative for 2.0.0.2.ip6.arpa.
== but no NS record at parent zone
WARNING: ns.icann.org. claims to be authoritative for 2.0.0.2.ip6.arpa.
== but no NS record at parent zone
WARNING: ns-sec.ripe.net. claims to be authoritative for
2.0.0.2.ip6.arpa.
== but no NS record at parent zone
==> so although the three remaining NS for ip6.arpa have the same SOA
serial, they obviously have a different view on the NS RRset for
2.0.0.2.ip6.arpa... and all are authoritative for 2.0.0.2.ip6.arpa.
Now looking at the NS RRset ns-sec.ripe.net returns for 2.0.0.2.ip6.arpa:
== ns-apnic.6to4.nro.net. ns-arin.6to4.nro.net. ns-lacnic.6to4.nro.net.
== ns-ripe.6to4.nro.net.
soa @ns-apnic.6to4.nro.net. for 2.0.0.2.ip6.arpa. serial: 2004072901
dig @ns-arin.6to4.nro.net. for SOA of 2.0.0.2.ip6.arpa. failed
soa @ns-lacnic.6to4.nro.net. for 2.0.0.2.ip6.arpa. serial: 2004072901
soa @ns-ripe.6to4.nro.net. for 2.0.0.2.ip6.arpa. serial: 2004072901
==> ns-arin.6to4.nro.net == tinnie.arin.net, so we have the same IPv6
reachability problem again
What a mess all over... why do ns.apnic.net and ns.icann.org return
NXDOMAIN when queried for the NS RRset for 2.0.0.2.ip6.arpa, but
ns-sec.ripe.net returning one? It looks like the whole 2.0.0.2.ip6.arpa
is missing in the ip6.arpa zone, and ns-sec.ripe.net is only by chance
carrying the 2.0.0.2.ip6.arpa zone, thus returning the NS RRset.
I wonder where's the right place to report such global (multi-RIR/org)
DNS problems to, if not v6ops. I see no "global IPv6 operations" list,
can anyone enlighten me?
Best regards,
Daniel