resolving .org - connection timed out; no servers could be reached

Erik Dobák erik.dobak at gmail.com
Mon Jan 13 19:48:39 UTC 2020 

On Sun, 12 Jan 2020 at 14:30, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Sun, Jan 12, 2020 at 02:20:24PM +0100,
>  Erik Dobák <erik.dobak at gmail.com> wrote
>  a message of 109 lines which said:
>
> > as i wrote other TLDs (.net .com and some country TLDs) resolved all
> > fine.  for .org i tried debian.org ietf.org gentoo.org and maybe
> > some others with all failing.
>
> Then, I suggest to query directly the authoritative name servers of
> .org, to see if they are reachable. (If not, it's not Unbound's fault.)
>
> % dig @a0.org.afilias-nst.info. gentoo.org
> ...
> ;; AUTHORITY SECTION:
> gentoo.org.     86400 IN NS ns1.gentoo.org.
> gentoo.org.           86400 IN NS ns2.gentoo.org.
> gentoo.org.                 86400 IN NS ns3.gentoo.org.
> ...
> ;; Query time: 246 msec
> ;; SERVER: 2001:500:e::1#53(2001:500:e::1)
> ;; WHEN: Sun Jan 12 14:28:22 CET 2020
> ;; MSG SIZE  rcvd: 408
>
> > so you say the message 'connection timed out; no servers could be
> reached'
> > from dig does not mean that my pc got trouble to connect the router but
> the
> > router got trouble to connect to root DNS servers?
>
> Or other authoritative name servers. Probably not the root since other
> TLDs work.
>
> When you query the resolver, it has to contact the authoritative name
> servers. May be dig timeouted before Unbound did. dig +timeout=30 to
> see if, giving more time, Unbound makes a decision (probably SERVFAIL,
> if there is a reachability problem)?
>
> > looks like something is killing my (or returning) packets filtered by the
> > presence of .org string.
> > MITM??? or who is now trying to screw .org??
>
> Let's search simple explanations first: a routing/reachability
> problem.
>
> > ps: i am using DNSSEC but AFAIK this does not mean the resolve requests
> are
> > encrypted...
>
> Indeed. DNSSEC signs but does not encrypt.
>

$ dig debian.org

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> debian.org
;; global options: +cmd
;; connection timed out; no servers could be reached
kago at debian:~$ dig @a0.org.afilias-nst.info. debian.org
dig: couldn't get address for 'a0.org.afilias-nst.info.': failure

anyone now???

E
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200113/4e81ec85/attachment.htm>

More information about the Unbound-users mailing list