resolving .org - connection timed out; no servers could be reached
erik.dobak at gmail.com
Mon Jan 13 19:48:39 UTC 2020
On Sun, 12 Jan 2020 at 14:30, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Sun, Jan 12, 2020 at 02:20:24PM +0100,
> Erik Dobák <erik.dobak at gmail.com> wrote
> a message of 109 lines which said:
> > as i wrote other TLDs (.net .com and some country TLDs) resolved all
> > fine. for .org i tried debian.org ietf.org gentoo.org and maybe
> > some others with all failing.
> Then, I suggest to query directly the authoritative name servers of
> .org, to see if they are reachable. (If not, it's not Unbound's fault.)
> % dig @a0.org.afilias-nst.info. gentoo.org
> ;; AUTHORITY SECTION:
> gentoo.org. 86400 IN NS ns1.gentoo.org.
> gentoo.org. 86400 IN NS ns2.gentoo.org.
> gentoo.org. 86400 IN NS ns3.gentoo.org.
> ;; Query time: 246 msec
> ;; SERVER: 2001:500:e::1#53(2001:500:e::1)
> ;; WHEN: Sun Jan 12 14:28:22 CET 2020
> ;; MSG SIZE rcvd: 408
> > so you say the message 'connection timed out; no servers could be
> > from dig does not mean that my pc got trouble to connect the router but
> > router got trouble to connect to root DNS servers?
> Or other authoritative name servers. Probably not the root since other
> TLDs work.
> When you query the resolver, it has to contact the authoritative name
> servers. May be dig timeouted before Unbound did. dig +timeout=30 to
> see if, giving more time, Unbound makes a decision (probably SERVFAIL,
> if there is a reachability problem)?
> > looks like something is killing my (or returning) packets filtered by the
> > presence of .org string.
> > MITM??? or who is now trying to screw .org??
> Let's search simple explanations first: a routing/reachability
> > ps: i am using DNSSEC but AFAIK this does not mean the resolve requests
> > encrypted...
> Indeed. DNSSEC signs but does not encrypt.
$ dig debian.org
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> debian.org
;; global options: +cmd
;; connection timed out; no servers could be reached
kago at debian:~$ dig @a0.org.afilias-nst.info. debian.org
dig: couldn't get address for 'a0.org.afilias-nst.info.': failure
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Unbound-users