--- Begin Message ---
> On 20201127, at 12:09, Thomas Mieslinger <mi...@mail.com> wrote:
>
> Hi,
>
> I received customer complaints that quad8 and some german broadband
> resolvers were unable to resolve .ag secondlevel domains.
Any outputs from 'dig' that show the problem?
Note that all DNS for hoevalmann.ag are located in the same ASN, more
specifically 217.160.8{1234}.1/24.
which seems to be announced as a single /22 (217.160.80.0/22) by AS8560.
As such, if there is a routing issue towards 1and1-dns, things will be broken.
It is funny that they chose to use different TLDs but put all eggs in the same
/22 + ASN :)
Seems quite a few people are interested in those IPs looking at the atlas
measurements:
https://stat.ripe.net/217.160.80.0%2F22#tabId=activity
That kind of amount of activity indicates people seeing problems...
> peak.ag
> hoevelmann.ag
> sonnenschein.ag
> hostedoffice.ag
>
> I run the authoritatives serving the first three examples and we've had
> no outage.
>
> I don't understand the DNSEC keys in .ag and the intended change carried
> out with the current setup.
>
> https://dnsviz.net/d/hoevelmann.ag/dnssec/
That just shows that upto .ag it is all signed, but there is no DNSSEC towards
hoevelmann.ag.
That is fine if you do not want DNSSEC.
> Do you also see problems with .ag?
Nothing from my POV, dig +trace +dnssec works fine.
https://zonemaster.iis.se/en/?resultid=4cfd71ecabb03a16
says the same thing what I mention above: all DNS servers are in one single
AS...
Greets,
Jeroen
--- End Message ---
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
