Date: Wed, 30 Oct 2013 06:42:42 +0200
From: Kimmo Paasiala <kpaasial@gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject: Re: DNS problem with svn0.eu.freebsd.org
Message-ID: <CA%2B7WWSfrOKBPPv%2BsBo4wvYnhiu-wZvKu65HYswAas36nU8sNoA@mail.gmail.com>
In-Reply-To: <20131030034233.4D88F94754B@rock.dv.isc.org>
References: <CA%2B7WWSe-aM6fRxuD6OLq8T0XGipx0LtZy%2B0jpAJYy--umqeNnw@mail.gmail.com> <CA%2B7WWSd4VxVhH59mYoVCHPatG7dk-yMS3DaNaRRR01hxQ0c7OQ@mail.gmail.com> <CA%2B7WWSdTSDpLAAef_V=6uiNJTrU36ivtfCus0iE4x7q8KAVsbg@mail.gmail.com> <20131030034233.4D88F94754B@rock.dv.isc.org>

On Wed, Oct 30, 2013 at 5:42 AM, Mark Andrews <marka@isc.org> wrote:
>
> In message <CA+7WWSdTSDpLAAef_V=6uiNJTrU36ivtfCus0iE4x7q8KAVsbg@mail.gmail.com>, Kimmo Paasiala writes:
>> On Tue, Oct 29, 2013 at 11:34 PM, Kimmo Paasiala <kpaasial@gmail.com> wrote:
>> > On Tue, Oct 29, 2013 at 11:29 PM, Kimmo Paasiala <kpaasial@gmail.com> wrote:
>> >> I'm getting SERVFAIL response and I can not use the mirror to update
>> >> any SVN sources. The addresses for us-west and us-east mirrors work.
>> >>
>> >> freebsd10 /usr/src # dig svn0.eu.freebsd.org
>> >>
>> >> ; <<>> DiG 9.9.4 <<>> svn0.eu.freebsd.org
>> >> ;; global options: +cmd
>> >> ;; Got answer:
>> >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43548
>> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>> >>
>> >> ;; OPT PSEUDOSECTION:
>> >> ; EDNS: version: 0, flags:; udp: 4096
>> >> ;; QUESTION SECTION:
>> >> ;svn0.eu.freebsd.org. IN A
>> >>
>> >> ;; Query time: 261 msec
>> >> ;; SERVER: 10.71.14.1#53(10.71.14.1)
>> >> ;; WHEN: Tue Oct 29 23:26:31 EET 2013
>> >> ;; MSG SIZE rcvd: 48
>> >>
>> >> freebsd10 /usr/src #
>> >>
>> >> -Kimmo
>> >
>> > Seems the problem was only a temporary one, sorry for the noise....
>>
>>
>> It's failing again with SERVFAIL, I'll have to switch to using the
>> us-east mirror I guess.
>
> Have you told your firewall to pass IP fragments? 1651 bytes UDP responses
> will be fragmented.
>
> Mark
>
> ; <<>> DiG 9.10.0a1 <<>> +trace svn0.eu.freebsd.org
> ;; global options: +cmd
> . 518400 IN NS m.root-servers.net.
> . 518400 IN NS l.root-servers.net.
> . 518400 IN NS i.root-servers.net.
> . 518400 IN NS g.root-servers.net.
> . 518400 IN NS j.root-servers.net.
> . 518400 IN NS f.root-servers.net.
> . 518400 IN NS k.root-servers.net.
> . 518400 IN NS h.root-servers.net.
> . 518400 IN NS d.root-servers.net.
> . 518400 IN NS b.root-servers.net.
> . 518400 IN NS c.root-servers.net.
> . 518400 IN NS e.root-servers.net.
> . 518400 IN NS a.root-servers.net.
> . 518400 IN RRSIG NS 8 0 518400 20131105000000 20131028230000 59085 . BnEqF0BizhMkLOMl8toff2bIDQ9h78IzAv4TSz25/h4Ne22ekj1FA61l 1SjWJxmw7tTkpckNNi5Zzpoe8Blb+6PnwuXDQjVeMZonj5ZoMSq8ILfC sfjqNtEBVPE+7McHGNESQiozLrl/zmzn0Qj5/rciqisE7kJ64BzLzClI uho=
> ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
>
> org. 172800 IN NS a0.org.afilias-nst.info.
> org. 172800 IN NS a2.org.afilias-nst.info.
> org. 172800 IN NS b0.org.afilias-nst.org.
> org. 172800 IN NS b2.org.afilias-nst.org.
> org. 172800 IN NS c0.org.afilias-nst.info.
> org. 172800 IN NS d0.org.afilias-nst.org.
> org. 86400 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
> org. 86400 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0 D90F01BA
> org. 86400 IN RRSIG DS 8 1 86400 20131105000000 20131028230000 59085 . FMr/zkWbnhLyhe0mv30EkCpPuKHYM6fFV3z4ZPclRI2ReGAzdKRjYPYc s7UgLE0bOYbLfCfh7ldgD6gOFMY8ProiT4keGulfdrwtSffZ6RY7nvpF s7IpfUbBZrulUhzQ1zK9kguGAkr6efgqovrhc3ziv1Wr22eHdIJj+zni RZE=
> ;; Received 693 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 339 ms
>
> freebsd.org. 86400 IN NS ns3.isc-sns.info.
> freebsd.org. 86400 IN NS ns1.isc-sns.net.
> freebsd.org. 86400 IN NS ns2.isc-sns.com.
> freebsd.org. 86400 IN DS 32659 8 2 AF3B32E46DF2FC32C0110C7D6B808EE73E0411501AFAF9022D3DCD0A FA5B3ACD
> freebsd.org. 86400 IN RRSIG DS 7 2 86400 20131115155808 20131025145808 39273 org. VFl0/tdpEaTtpMxYYqi3MjWQJsxIQrxYLOI2cLQMpMWylkKffPfCJtMU nw52L+beWPuCueaZcntAH3aRRsj7wfY25z4Wvuc0vw+++HfUbwuPiGhz 6y67eIXyi8IiPz4IMc0+JvIY6WV6fc8SWIJYvVLWxh5t7VcRuAR4Fn7Y FkI=
> ;; Received 347 bytes from 2001:500:f::1#53(d0.org.afilias-nst.org) in 306 ms
>
> svn0.eu.freebsd.org. 3600 IN CNAME svnmir.bme.freebsd.org.
> svn0.eu.freebsd.org. 3600 IN RRSIG CNAME 8 4 3600 20131128183206 20131029173206 58635 freebsd.org. wXQKIKW6IWHtlxiIZQx/qpmCPUdr6Pwusa/X0zl9SHjECSP0U3BKX2Ck ZSEr8UWWawUoR7zMccrwnoRZYTvd3y2OS5lAlGAdKjOOCOGRco2WbgvV xkU5ggoqGM1++CcZPIhoEhZITiO1PtBSya5SY4TgpNPAzQkTe1X7bE8t rXY=
> svnmir.bme.freebsd.org. 3600 IN A 213.138.116.72
> svnmir.bme.freebsd.org. 3600 IN RRSIG A 8 4 3600 20131128183206 20131029173206 58635 freebsd.org. IFCd8xGaaN2jNDRW4la0M5aRDpRSgeyPHn+YN8ZeQ81naCTOaqmle2vb hDKp6RQxJK4QXvTMfBdBa5y4IKEZE411tHf+ZlDyr9hkuYfbOIW27xeN xLKSekIFC2DwvLer+N6IX6qRQx7fZ87c9lkG7puT6VpSiQr/8CHQEZsc AK0=
> freebsd.org. 3600 IN NS ns2.isc-sns.com.
> freebsd.org. 3600 IN NS ns3.isc-sns.info.
> freebsd.org. 3600 IN NS ns1.isc-sns.net.
> freebsd.org. 3600 IN RRSIG NS 8 2 3600 20131128183206 20131029173206 58635 freebsd.org. cbyo1sjVYi7DKHagSOO14NykbS79e+5S3WKF6PyxL3OCTRnKAB/sV/zW +KOIUbhOee3w8fz0UyM8EHUX8W/fqv0dpmAM9ad4Y2yU22MS5UvPTXkc LgNqIDdFTZDGPd7MalELeSgit7uFwwl5X+7O7fVlr0UPGYp2IbtytfG1 sio=
> ;; Received 1651 bytes from 2001:5a0:10::1#53(ns3.isc-sns.info) in 187 ms
>
>
>> -Kimmo
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

It's working again and I get the same type of trace querying the google
DNS forwarder 8.8.8.8 with "dig +trace".

I did experiment with various "no scrub" rules with my PF firewall but
nothing seemed to help. I then reverted back to my original scrub
rules that are basically " all fragment reassemble random-id no-df" on
all interfaces and it started working again all of a sudden.

-Kimmo
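
Added example, not part of the original message: a small Python check that reads the ";; Received N bytes" lines of a "dig +trace" run and reports which responses are too large for a single UDP datagram and will therefore arrive as IP fragments. The sample lines are copied from the trace quoted above; the 1500-byte path MTU and the function names are assumptions of this example.

```python
import ipaddress
import re

# Assumption: a 1500-byte Ethernet path MTU; tunnels or PPPoE lower it.
PATH_MTU = 1500
UDP_HEADER = 8
IP_HEADER = {4: 20, 6: 40}  # fixed headers, no IPv4 options or IPv6 extensions

# Matches dig's per-hop summary: size, server address, port, server name.
RECEIVED = re.compile(r";; Received (\d+) bytes from (\S+)#(\d+)\(([^)]*)\)")


def max_unfragmented_payload(version, mtu=PATH_MTU):
    """Largest DNS message that fits in one unfragmented UDP datagram."""
    return mtu - IP_HEADER[version] - UDP_HEADER


def fragmented_responses(trace_text, mtu=PATH_MTU):
    """Return (server, size, ip_version, limit) for each oversized response."""
    hits = []
    for line in trace_text.splitlines():
        # search() skips leading "> " markers, so quoted traces work as pasted.
        m = RECEIVED.search(line)
        if not m:
            continue
        size = int(m.group(1))
        version = ipaddress.ip_address(m.group(2)).version
        limit = max_unfragmented_payload(version, mtu)
        if size > limit:
            hits.append((m.group(4), size, version, limit))
    return hits


# The four summary lines from the trace in this message.
SAMPLE = """\
> ;; Received 397 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
> ;; Received 693 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 339 ms
> ;; Received 347 bytes from 2001:500:f::1#53(d0.org.afilias-nst.org) in 306 ms
> ;; Received 1651 bytes from 2001:5a0:10::1#53(ns3.isc-sns.info) in 187 ms
"""

if __name__ == "__main__":
    for server, size, version, limit in fragmented_responses(SAMPLE):
        print(f"{server}: {size} bytes over IPv{version} exceeds {limit}, "
              "expect IP fragments at the firewall")
```

Only the final answer from ns3.isc-sns.info crosses the limit, which is the response a firewall that drops fragments would lose.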
