From owner-freebsd-stable@FreeBSD.ORG Wed Oct 30 04:42:43 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id DBD37C0C for ; Wed, 30 Oct 2013 04:42:43 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-qc0-x234.google.com (mail-qc0-x234.google.com [IPv6:2607:f8b0:400d:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9ACBA2258 for ; Wed, 30 Oct 2013 04:42:43 +0000 (UTC) Received: by mail-qc0-f180.google.com with SMTP id e9so510529qcy.25 for ; Tue, 29 Oct 2013 21:42:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=wOb/VHi/0sdyVHtMiPnOivnayWthNf4ok6JcpQA/b8I=; b=AzEFoGiA8v2B/wO9Oh9pY8m947mfQxGDAdTEWEJ6KQr9alQfKtitG0LFhrwQFA169X WerRzQ1TrOn0lhgYM8SctmXUnWTCLIv76Uw1zanCZnWp7sxP0XwKUXsA3CdjCif4+7B+ FpdwGRjlE7tJxz8N1iKh8Pk+avh+HWQi++DxSjV75pr8BgLK4GnKWBDxbndf7Wj3Nbvf lMPqGMS4nvhdTe6n8b1xIAiujDFLo40YpnaQcMaw5kjlC+8ThAcWM3NRCWX0AWsa8CJ3 +6cZgauqjknVKXVKWL5FamHhLfm0PL9ocOuR1Yyjmd9gIxcNWML4knk7r4pV1HCw+NVN 7T+g== MIME-Version: 1.0 X-Received: by 10.224.103.199 with SMTP id l7mr5391942qao.56.1383108162635; Tue, 29 Oct 2013 21:42:42 -0700 (PDT) Received: by 10.96.180.233 with HTTP; Tue, 29 Oct 2013 21:42:42 -0700 (PDT) In-Reply-To: <20131030034233.4D88F94754B@rock.dv.isc.org> References: <20131030034233.4D88F94754B@rock.dv.isc.org> Date: Wed, 30 Oct 2013 06:42:42 +0200 Message-ID: Subject: Re: DNS problem with svn0.eu.freebsd.org From: Kimmo Paasiala To: Mark Andrews Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-stable@freebsd.org" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2013 04:42:43 -0000 On Wed, Oct 30, 2013 at 5:42 AM, Mark Andrews wrote: > > In message > , Kimmo Paasiala writes: >> On Tue, Oct 29, 2013 at 11:34 PM, Kimmo Paasiala wr= ote: >> > On Tue, Oct 29, 2013 at 11:29 PM, Kimmo Paasiala = wrote >> : >> >> I'm getting SERVFAIL response and I can not use the mirror to update >> >> any SVN sources. The addressed for us-west and us-east mirrors work. >> >> >> >> freebsd10 /usr/src # dig svn0.eu.freebsd.org >> >> >> >> >> >> ; <<>> DiG 9.9.4 <<>> svn0.eu.freebsd.org >> >> >> >> ;; global options: +cmd >> >> >> >> ;; Got answer: >> >> >> >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43548 >> >> >> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >> >> >> >> >> >> ;; OPT PSEUDOSECTION: >> >> >> >> ; EDNS: version: 0, flags:; udp: 4096 >> >> >> >> ;; QUESTION SECTION: >> >> >> >> ;svn0.eu.freebsd.org. IN A >> >> >> >> >> >> ;; Query time: 261 msec >> >> >> >> ;; SERVER: 10.71.14.1#53(10.71.14.1) >> >> >> >> ;; WHEN: Tue Oct 29 23:26:31 EET 2013 >> >> >> >> ;; MSG SIZE rcvd: 48 >> >> >> >> >> >> freebsd10 /usr/src # >> >> >> >> -Kimmo >> > >> > Seems the problem was only a temporary one, sorry for the noise.... >> >> >> It's failing again with SERVFAIL, I'll have to switch to using the >> us-east mirror I guess. > > Have you told your firewall to pass IP fragments? 1651 bytes UDP respons= es > will be fragmented. > > Mark > > ; <<>> DiG 9.10.0a1 <<>> +trace svn0.eu.freebsd.org > ;; global options: +cmd > . 518400 IN NS m.root-servers.net. > . 518400 IN NS l.root-servers.net. > . 518400 IN NS i.root-servers.net. > . 518400 IN NS g.root-servers.net. > . 518400 IN NS j.root-servers.net. > . 518400 IN NS f.root-servers.net. > . 518400 IN NS k.root-servers.net. > . 518400 IN NS h.root-servers.net. > . 518400 IN NS d.root-servers.net. > . 518400 IN NS b.root-servers.net. > . 518400 IN NS c.root-servers.net. > . 518400 IN NS e.root-servers.net. > . 518400 IN NS a.root-servers.net. > . 518400 IN RRSIG NS 8 0 518400 20131105000= 000 20131028230000 59085 . BnEqF0BizhMkLOMl8toff2bIDQ9h78IzAv4TSz25/h4Ne22e= kj1FA61l 1SjWJxmw7tTkpckNNi5Zzpoe8Blb+6PnwuXDQjVeMZonj5ZoMSq8ILfC sfjqNtEBV= PE+7McHGNESQiozLrl/zmzn0Qj5/rciqisE7kJ64BzLzClI uho=3D > ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms > > org. 172800 IN NS a0.org.afilias-nst.info. > org. 172800 IN NS a2.org.afilias-nst.info. > org. 172800 IN NS b0.org.afilias-nst.org. > org. 172800 IN NS b2.org.afilias-nst.org. > org. 172800 IN NS c0.org.afilias-nst.info. > org. 172800 IN NS d0.org.afilias-nst.org. > org. 86400 IN DS 21366 7 1 E6C1716CFB6BDC8= 4E84CE1AB5510DAC69173B5B2 > org. 86400 IN DS 21366 7 2 96EEB2FFD9B00CD= 4694E78278B5EFDAB0A80446567B69F634DA078F0 D90F01BA > org. 86400 IN RRSIG DS 8 1 86400 201311050000= 00 20131028230000 59085 . FMr/zkWbnhLyhe0mv30EkCpPuKHYM6fFV3z4ZPclRI2ReGAzd= KRjYPYc s7UgLE0bOYbLfCfh7ldgD6gOFMY8ProiT4keGulfdrwtSffZ6RY7nvpF s7IpfUbBZr= ulUhzQ1zK9kguGAkr6efgqovrhc3ziv1Wr22eHdIJj+zni RZE=3D > ;; Received 693 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in= 339 ms > > freebsd.org. 86400 IN NS ns3.isc-sns.info. > freebsd.org. 86400 IN NS ns1.isc-sns.net. > freebsd.org. 86400 IN NS ns2.isc-sns.com. > freebsd.org. 86400 IN DS 32659 8 2 AF3B32E46DF2FC3= 2C0110C7D6B808EE73E0411501AFAF9022D3DCD0A FA5B3ACD > freebsd.org. 86400 IN RRSIG DS 7 2 86400 201311151558= 08 20131025145808 39273 org. VFl0/tdpEaTtpMxYYqi3MjWQJsxIQrxYLOI2cLQMpMWylk= KffPfCJtMU nw52L+beWPuCueaZcntAH3aRRsj7wfY25z4Wvuc0vw+++HfUbwuPiGhz 6y67eIX= yi8IiPz4IMc0+JvIY6WV6fc8SWIJYvVLWxh5t7VcRuAR4Fn7Y FkI=3D > ;; Received 347 bytes from 2001:500:f::1#53(d0.org.afilias-nst.org) in 30= 6 ms > > svn0.eu.freebsd.org. 3600 IN CNAME svnmir.bme.freebsd.org. > svn0.eu.freebsd.org. 3600 IN RRSIG CNAME 8 4 3600 2013112818= 3206 20131029173206 58635 freebsd.org. wXQKIKW6IWHtlxiIZQx/qpmCPUdr6Pwusa/X= 0zl9SHjECSP0U3BKX2Ck ZSEr8UWWawUoR7zMccrwnoRZYTvd3y2OS5lAlGAdKjOOCOGRco2Wbg= vV xkU5ggoqGM1++CcZPIhoEhZITiO1PtBSya5SY4TgpNPAzQkTe1X7bE8t rXY=3D > svnmir.bme.freebsd.org. 3600 IN A 213.138.116.72 > svnmir.bme.freebsd.org. 3600 IN RRSIG A 8 4 3600 20131128183206= 20131029173206 58635 freebsd.org. IFCd8xGaaN2jNDRW4la0M5aRDpRSgeyPHn+YN8Ze= Q81naCTOaqmle2vb hDKp6RQxJK4QXvTMfBdBa5y4IKEZE411tHf+ZlDyr9hkuYfbOIW27xeN x= LKSekIFC2DwvLer+N6IX6qRQx7fZ87c9lkG7puT6VpSiQr/8CHQEZsc AK0=3D > freebsd.org. 3600 IN NS ns2.isc-sns.com. > freebsd.org. 3600 IN NS ns3.isc-sns.info. > freebsd.org. 3600 IN NS ns1.isc-sns.net. > freebsd.org. 3600 IN RRSIG NS 8 2 3600 2013112818320= 6 20131029173206 58635 freebsd.org. cbyo1sjVYi7DKHagSOO14NykbS79e+5S3WKF6Py= xL3OCTRnKAB/sV/zW +KOIUbhOee3w8fz0UyM8EHUX8W/fqv0dpmAM9ad4Y2yU22MS5UvPTXkc = LgNqIDdFTZDGPd7MalELeSgit7uFwwl5X+7O7fVlr0UPGYp2IbtytfG1 sio=3D > ;; Received 1651 bytes from 2001:5a0:10::1#53(ns3.isc-sns.info) in 187 ms > > >> -Kimmo >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org= " > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: marka@isc.org It's working again and I get a same type of trace querying the google DNS forwarder 8.8.8.8 with "dig +trace". I did experiment with various "no scrub" rules with my PF firewall but nothing seemed to help. I then reverted back to my original scrub rules that are basically " all fragment reassemble random-id no-df" on all interfaces and it started working again all of sudden. -Kimmo