About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

RE: [dns-wg] RIPE NCC DNSSEC on the reverse tree update.

  • To: "Brett Carr" <
    >
  • From: Alexander Gall <
    >
  • Date: Wed, 30 Nov 2005 08:59:37 +0100
On Tue, 29 Nov 2005 16:38:58 +0100, "Brett Carr" brettcarr@localhost said:

>> Did you have a chance to look (or have somebody else have a 
>> look :-) at 
>> <https://www.ripe.net/cgi-bin/delcheck/delcheck2.cgi> for the 
>> zone 176.195.in-addr.arpa?  I can see two problems:
>> 
>> - For some reason, the tool doesn't get replies to queries for NS and
>> DNSKEY records at our name servers {merapi,scsnms}.switch.ch with
>> the DO flag set.  The tool then (erroneously) concludes that these
>> RRsets are inconsistent among the servers for the zone.
>> 
>> I see the queries coming in on our servers from 193.0.0.214.  Could
>> it be that the replies are filtered somwhere in your network (having
>> strange flags and all that)?


> We have now fixed this after finding some strange (udp fragment) filtering
> behaviour on our Juniper router, We will be carrying out more (lab based)
> tests on this and will report the results to Juniper.

Thanks!

--
Alex
Post To The List:

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community