ocsp.verisign.com ipv6 dns broken?

Florian Lohoff f at zz.de
Fri Oct 19 17:02:01 CEST 2012


Hi,

is this a known issue? Asking for AAAA or ANY just 
does not give ANY response which obviously breaks down
for any resolver trying to be clever and retrieving 
quad-A records together with a A RR


I was wondering why all SSL enabled websites were slow as
hell:


flo at p:~$ dig -t a ocsp.verisign.net @199.7.57.206

; <<>> DiG 9.7.3 <<>> -t a ocsp.verisign.net @199.7.57.206
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33983
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ocsp.verisign.net.		IN	A

;; ANSWER SECTION:
ocsp.verisign.net.	30	IN	A	199.7.55.72

;; Query time: 262 msec
;; SERVER: 199.7.57.206#53(199.7.57.206)
;; WHEN: Fri Oct 19 16:57:49 2012
;; MSG SIZE  rcvd: 51




flo at p:~$ dig -t aaaa ocsp.verisign.net @199.7.57.206

; <<>> DiG 9.7.3 <<>> -t aaaa ocsp.verisign.net @199.7.57.206
;; global options: +cmd
;; connection timed out; no servers could be reached




Flo
-- 
Florian Lohoff                                                 f at zz.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20121019/70195aa1/attachment.bin 


More information about the ipv6-ops mailing list