* Stephane Bortzmeyer: > Several users on Twitter reported problems accessing Banque Populaire > (a French bank) https://www.banquepopulaire.fr > https://www.ibps.loirelyonnais.banquepopulaire.fr > https://www.ibps.bpaca.banquepopulaire.fr > https://www.ibps.mediterranee.banquepopulaire.fr/ > > From the limited reports, all errors point to a DNS issue. (For one > user, adding the IP address in /etc/hosts solved the problem.) > > But testing with existing resolvers and with the RIPE Atlas probes do > not show a widespread outage.
I can reproduce this to some extent: $ dig +norecurse +dnssec @nsisp1.i-bp.banquepopulaire.fr. www.banquepopulaire.fr. MX ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> +norecurse +dnssec @nsisp1.i-bp.banquepopulaire.fr. www.banquepopulaire.fr. MX ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59096 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;www.banquepopulaire.fr. IN MX ;; Query time: 41 msec ;; SERVER: 91.135.182.250#53(91.135.182.250) ;; WHEN: Sat May 30 18:36:35 CEST 2020 ;; MSG SIZE rcvd: 51 $ dig +norecurse +dnssec @nsisp1.i-bp.banquepopulaire.fr. www.banquepopulaire.fr. TYPE1000 ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> +norecurse +dnssec @nsisp1.i-bp.banquepopulaire.fr. www.banquepopulaire.fr. TYPE1000 ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached A recursive resolver will turn these responses into SERVFAILs. I suspect this can cause resolvers to cache bad server reachability information, leading to name resolution error for A and AAAA queries as well. Or it could just be a client that uses RFC 2782: $ dig +norecurse +dnssec @nsisp1.i-bp.banquepopulaire.fr. _http._tcp.www.ibps.loirelyonnais.banquepopulaire.fr SRV ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> +norecurse +dnssec @nsisp1.i-bp.banquepopulaire.fr. _http._tcp.www.ibps.loirelyonnais.banquepopulaire.fr SRV ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 49919 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;_http._tcp.www.ibps.loirelyonnais.banquepopulaire.fr. IN SRV ;; Query time: 39 msec ;; SERVER: 91.135.182.250#53(91.135.182.250) ;; WHEN: Sat May 30 18:47:02 CEST 2020 ;; MSG SIZE rcvd: 81 _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
