resolving .org - connection timed out; no servers could be reached
bortzmeyer at nic.fr
Sun Jan 12 13:30:11 UTC 2020
On Sun, Jan 12, 2020 at 02:20:24PM +0100,
Erik Dobák <erik.dobak at gmail.com> wrote
a message of 109 lines which said:
> as i wrote other TLDs (.net .com and some country TLDs) resolved all
> fine. for .org i tried debian.org ietf.org gentoo.org and maybe
> some others with all failing.
Then, I suggest to query directly the authoritative name servers of
.org, to see if they are reachable. (If not, it's not Unbound's fault.)
% dig @a0.org.afilias-nst.info. gentoo.org
;; AUTHORITY SECTION:
gentoo.org. 86400 IN NS ns1.gentoo.org.
gentoo.org. 86400 IN NS ns2.gentoo.org.
gentoo.org. 86400 IN NS ns3.gentoo.org.
;; Query time: 246 msec
;; SERVER: 2001:500:e::1#53(2001:500:e::1)
;; WHEN: Sun Jan 12 14:28:22 CET 2020
;; MSG SIZE rcvd: 408
> so you say the message 'connection timed out; no servers could be reached'
> from dig does not mean that my pc got trouble to connect the router but the
> router got trouble to connect to root DNS servers?
Or other authoritative name servers. Probably not the root since other
When you query the resolver, it has to contact the authoritative name
servers. May be dig timeouted before Unbound did. dig +timeout=30 to
see if, giving more time, Unbound makes a decision (probably SERVFAIL,
if there is a reachability problem)?
> looks like something is killing my (or returning) packets filtered by the
> presence of .org string.
> MITM??? or who is now trying to screw .org??
Let's search simple explanations first: a routing/reachability
> ps: i am using DNSSEC but AFAIK this does not mean the resolve requests are
Indeed. DNSSEC signs but does not encrypt.
More information about the Unbound-users