[ripe.net #160643] 6to4 DNS space

Jeroen Massar jeroen at unfix.org
Tue Oct 23 23:34:19 CEST 2007 

David Malone wrote:
> Is it my imagination, or has the reverse DNS space for 2002:: become
> a twisty maze of lame delegations again? Only two of the five
> ip6.arpa servers answer a query for 2.0.0.2.ip6.arpa; the other 3
> look lame.
> 
> The ones that work point to name servers in 6to4.nro.net. Two of
> the four servers for nro.net can give NS records for 6to4.nro.net
> and the other two are lame.
> 
> When I finally ask for addresses of the servers in 6to4.nro.net, 3
> of the 4 servers are probably lame, and the fourth REFUSED to answer
> my query.

It seems to be completely broken(tm). See below for the output of my
teeny script.

Looks more that 6to4.nro.net is broken.

jeroen at noc:~$ bin/nscheck 2.0.0.2.ip6.arpa
================================================
OKAY: 0
================================================

================================================
BAD: 1
================================================
2.0.0.2.ip6.arpa.:fail - ns.lacnic.net. - tinnie.arin.net. -
ns-arin.6to4.nro.net. - ns-ripe.6to4.nro.net. - ns-apnic.6to4.nro.net. -
ns-lacnic.6to4.nro.net.

================================================
Log
================================================
ns.lacnic.net. for domain 2.0.0.2.ip6.arpa. FAIL
8<------------------------------------------------------------

; <<>> DiG 9.4.1-P1 <<>> @ns.lacnic.net. 2.0.0.2.ip6.arpa. SOA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56737
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;2.0.0.2.ip6.arpa.              IN      SOA

;; Query time: 230 msec
;; SERVER: 200.160.0.7#53(200.160.0.7)
;; WHEN: Tue Oct 23 23:28:08 2007
;; MSG SIZE  rcvd: 34

------------------------------------------------------------>8
tinnie.arin.net. for domain 2.0.0.2.ip6.arpa. FAIL
8<------------------------------------------------------------

; <<>> DiG 9.4.1-P1 <<>> @tinnie.arin.net. 2.0.0.2.ip6.arpa. SOA
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64449
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;2.0.0.2.ip6.arpa.              IN      SOA

;; Query time: 90 msec
;; SERVER: 2001:500:4:1::53#53(2001:500:4:1::53)
;; WHEN: Tue Oct 23 23:28:09 2007
;; MSG SIZE  rcvd: 34

------------------------------------------------------------>8
ns-arin.6to4.nro.net. for domain 2.0.0.2.ip6.arpa. FAIL
8<------------------------------------------------------------
dig: couldn't get address for 'ns-arin.6to4.nro.net.': failure
------------------------------------------------------------>8
ns-ripe.6to4.nro.net. for domain 2.0.0.2.ip6.arpa. FAIL
8<------------------------------------------------------------
dig: couldn't get address for 'ns-ripe.6to4.nro.net.': failure
------------------------------------------------------------>8
ns-apnic.6to4.nro.net. for domain 2.0.0.2.ip6.arpa. FAIL
8<------------------------------------------------------------
dig: couldn't get address for 'ns-apnic.6to4.nro.net.': failure
------------------------------------------------------------>8
ns-lacnic.6to4.nro.net. for domain 2.0.0.2.ip6.arpa. FAIL
8<------------------------------------------------------------
dig: couldn't get address for 'ns-lacnic.6to4.nro.net.': failure
------------------------------------------------------------>8
================================================

Hmm, I notice that I need to add the NS records themselves also to the
recursive testing :)

Clearly this seems to be an issue already at 6to4.nro.net as David
indicates... Something clearly missynced there.

Greets,
 Jeroen

--
jeroen at noc:~$ bin/nscheck ns-arin.6to4.nro.net
================================================
OKAY: 0
================================================

================================================
BAD: 1
================================================
ns-arin.6to4.nro.net.:fail - ns.lacnic.net. - tinnie.arin.net. -
ns.ripe.net. - ns3.apnic.net.

================================================
Log
================================================
ns.lacnic.net. for domain ns-arin.6to4.nro.net. FAIL
8<------------------------------------------------------------

; <<>> DiG 9.4.1-P1 <<>> @ns.lacnic.net. ns-arin.6to4.nro.net. SOA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38821
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns-arin.6to4.nro.net.          IN      SOA

;; Query time: 230 msec
;; SERVER: 200.160.0.7#53(200.160.0.7)
;; WHEN: Tue Oct 23 23:32:00 2007
;; MSG SIZE  rcvd: 38

------------------------------------------------------------>8
tinnie.arin.net. for domain ns-arin.6to4.nro.net. FAIL
8<------------------------------------------------------------

; <<>> DiG 9.4.1-P1 <<>> @tinnie.arin.net. ns-arin.6to4.nro.net. SOA
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49403
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns-arin.6to4.nro.net.          IN      SOA

;; Query time: 91 msec
;; SERVER: 2001:500:4:1::53#53(2001:500:4:1::53)
;; WHEN: Tue Oct 23 23:32:01 2007
;; MSG SIZE  rcvd: 38

------------------------------------------------------------>8
ns.ripe.net. for domain ns-arin.6to4.nro.net. FAIL
8<------------------------------------------------------------

; <<>> DiG 9.4.1-P1 <<>> @ns.ripe.net. ns-arin.6to4.nro.net. SOA
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1729
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns-arin.6to4.nro.net.          IN      SOA

;; Query time: 4 msec
;; SERVER: 2001:610:240:0:53::193#53(2001:610:240:0:53::193)
;; WHEN: Tue Oct 23 23:32:01 2007
;; MSG SIZE  rcvd: 38

------------------------------------------------------------>8
ns3.apnic.net. for domain ns-arin.6to4.nro.net. FAIL
8<------------------------------------------------------------

; <<>> DiG 9.4.1-P1 <<>> @ns3.apnic.net. ns-arin.6to4.nro.net. SOA
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12688
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns-arin.6to4.nro.net.          IN      SOA

;; Query time: 298 msec
;; SERVER: 2001:dc0:1:0:4777::131#53(2001:dc0:1:0:4777::131)
;; WHEN: Tue Oct 23 23:32:02 2007
;; MSG SIZE  rcvd: 38

------------------------------------------------------------>8
================================================

 http://rt2.ripe.net/Ticket/Attachment/851118/401594
 ( application/pgp-signature : signature.asc )

More information about the ipv6-ops mailing list