DNS problem with svn0.eu.freebsd.org
Kimmo Paasiala
kpaasial at gmail.com
Wed Oct 30 04:42:43 UTC 2013
On Wed, Oct 30, 2013 at 5:42 AM, Mark Andrews <marka at isc.org> wrote:
>
> In message <CA+7WWSdTSDpLAAef_V=6uiNJTrU36ivtfCus0iE4x7q8KAVsbg at mail.gmail.com>
> , Kimmo Paasiala writes:
>> On Tue, Oct 29, 2013 at 11:34 PM, Kimmo Paasiala <kpaasial at gmail.com> wrote:
>> > On Tue, Oct 29, 2013 at 11:29 PM, Kimmo Paasiala <kpaasial at gmail.com> wrote
>> :
>> >> I'm getting SERVFAIL response and I can not use the mirror to update
>> >> any SVN sources. The addressed for us-west and us-east mirrors work.
>> >>
>> >> freebsd10 /usr/src # dig svn0.eu.freebsd.org
>> >>
>> >>
>> >> ; <<>> DiG 9.9.4 <<>> svn0.eu.freebsd.org
>> >>
>> >> ;; global options: +cmd
>> >>
>> >> ;; Got answer:
>> >>
>> >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43548
>> >>
>> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>> >>
>> >>
>> >> ;; OPT PSEUDOSECTION:
>> >>
>> >> ; EDNS: version: 0, flags:; udp: 4096
>> >>
>> >> ;; QUESTION SECTION:
>> >>
>> >> ;svn0.eu.freebsd.org. IN A
>> >>
>> >>
>> >> ;; Query time: 261 msec
>> >>
>> >> ;; SERVER: 10.71.14.1#53(10.71.14.1)
>> >>
>> >> ;; WHEN: Tue Oct 29 23:26:31 EET 2013
>> >>
>> >> ;; MSG SIZE rcvd: 48
>> >>
>> >>
>> >> freebsd10 /usr/src #
>> >>
>> >> -Kimmo
>> >
>> > Seems the problem was only a temporary one, sorry for the noise....
>>
>>
>> It's failing again with SERVFAIL, I'll have to switch to using the
>> us-east mirror I guess.
>
> Have you told your firewall to pass IP fragments? 1651 bytes UDP responses
> will be fragmented.
>
> Mark
>
> ; <<>> DiG 9.10.0a1 <<>> +trace svn0.eu.freebsd.org
> ;; global options: +cmd
> . 518400 IN NS m.root-servers.net.
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS a.root-servers.net.
> . 518400 IN RRSIG NS 8 0 518400 20131105000000 20131028230000 59085 . BnEqF0BizhMkLOMl8toff2bIDQ9h78IzAv4TSz25/h4Ne22ekj1FA61l 1SjWJxmw7tTkpckNNi5Zzpoe8Blb+6PnwuXDQjVeMZonj5ZoMSq8ILfC sfjqNtEBVPE+7McHGNESQiozLrl/zmzn0Qj5/rciqisE7kJ64BzLzClI uho=
> ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
>
> org. 172800 IN NS a0.org.afilias-nst.info.
> org. 172800 IN NS a2.org.afilias-nst.info.
> org. 172800 IN NS b0.org.afilias-nst.org.
> org. 172800 IN NS b2.org.afilias-nst.org.
> org. 172800 IN NS c0.org.afilias-nst.info.
> org. 172800 IN NS d0.org.afilias-nst.org.
> org. 86400 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
> org. 86400 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0 D90F01BA
> org. 86400 IN RRSIG DS 8 1 86400 20131105000000 20131028230000 59085 . FMr/zkWbnhLyhe0mv30EkCpPuKHYM6fFV3z4ZPclRI2ReGAzdKRjYPYc s7UgLE0bOYbLfCfh7ldgD6gOFMY8ProiT4keGulfdrwtSffZ6RY7nvpF s7IpfUbBZrulUhzQ1zK9kguGAkr6efgqovrhc3ziv1Wr22eHdIJj+zni RZE=
> ;; Received 693 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 339 ms
>
> freebsd.org. 86400 IN NS ns3.isc-sns.info.
> freebsd.org. 86400 IN NS ns1.isc-sns.net.
> freebsd.org. 86400 IN NS ns2.isc-sns.com.
> freebsd.org. 86400 IN DS 32659 8 2 AF3B32E46DF2FC32C0110C7D6B808EE73E0411501AFAF9022D3DCD0A FA5B3ACD
> freebsd.org. 86400 IN RRSIG DS 7 2 86400 20131115155808 20131025145808 39273 org. VFl0/tdpEaTtpMxYYqi3MjWQJsxIQrxYLOI2cLQMpMWylkKffPfCJtMU nw52L+beWPuCueaZcntAH3aRRsj7wfY25z4Wvuc0vw+++HfUbwuPiGhz 6y67eIXyi8IiPz4IMc0+JvIY6WV6fc8SWIJYvVLWxh5t7VcRuAR4Fn7Y FkI=
> ;; Received 347 bytes from 2001:500:f::1#53(d0.org.afilias-nst.org) in 306 ms
>
> svn0.eu.freebsd.org. 3600 IN CNAME svnmir.bme.freebsd.org.
> svn0.eu.freebsd.org. 3600 IN RRSIG CNAME 8 4 3600 20131128183206 20131029173206 58635 freebsd.org. wXQKIKW6IWHtlxiIZQx/qpmCPUdr6Pwusa/X0zl9SHjECSP0U3BKX2Ck ZSEr8UWWawUoR7zMccrwnoRZYTvd3y2OS5lAlGAdKjOOCOGRco2WbgvV xkU5ggoqGM1++CcZPIhoEhZITiO1PtBSya5SY4TgpNPAzQkTe1X7bE8t rXY=
> svnmir.bme.freebsd.org. 3600 IN A 213.138.116.72
> svnmir.bme.freebsd.org. 3600 IN RRSIG A 8 4 3600 20131128183206 20131029173206 58635 freebsd.org. IFCd8xGaaN2jNDRW4la0M5aRDpRSgeyPHn+YN8ZeQ81naCTOaqmle2vb hDKp6RQxJK4QXvTMfBdBa5y4IKEZE411tHf+ZlDyr9hkuYfbOIW27xeN xLKSekIFC2DwvLer+N6IX6qRQx7fZ87c9lkG7puT6VpSiQr/8CHQEZsc AK0=
> freebsd.org. 3600 IN NS ns2.isc-sns.com.
> freebsd.org. 3600 IN NS ns3.isc-sns.info.
> freebsd.org. 3600 IN NS ns1.isc-sns.net.
> freebsd.org. 3600 IN RRSIG NS 8 2 3600 20131128183206 20131029173206 58635 freebsd.org. cbyo1sjVYi7DKHagSOO14NykbS79e+5S3WKF6PyxL3OCTRnKAB/sV/zW +KOIUbhOee3w8fz0UyM8EHUX8W/fqv0dpmAM9ad4Y2yU22MS5UvPTXkc LgNqIDdFTZDGPd7MalELeSgit7uFwwl5X+7O7fVlr0UPGYp2IbtytfG1 sio=
> ;; Received 1651 bytes from 2001:5a0:10::1#53(ns3.isc-sns.info) in 187 ms
>
>
>> -Kimmo
>> _______________________________________________
>> freebsd-stable at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
It's working again and I get a same type of trace querying the google
DNS forwarder 8.8.8.8 with "dig +trace". I did experiment with various
"no scrub" rules with my PF firewall but nothing seemed to help. I
then reverted back to my original scrub rules that are basically " all
fragment reassemble random-id no-df" on all interfaces and it started
working again all of sudden.
-Kimmo
More information about the freebsd-stable
mailing list