On Tue, 29 Nov 2005 16:38:58 +0100, "Brett Carr" <brettcarr@ripe.net> said:
Did you have a chance to look (or have somebody else have a look :-) at <https://www.ripe.net/cgi-bin/delcheck/delcheck2.cgi> for the zone 176.195.in-addr.arpa? I can see two problems:
- For some reason, the tool doesn't get replies to queries for NS and DNSKEY records at our name servers {merapi,scsnms}.switch.ch with the DO flag set. The tool then (erroneously) concludes that these RRsets are inconsistent among the servers for the zone.
I see the queries coming in on our servers from 193.0.0.214. Could it be that the replies are filtered somwhere in your network (having strange flags and all that)?
We have now fixed this after finding some strange (udp fragment) filtering behaviour on our Juniper router, We will be carrying out more (lab based) tests on this and will report the results to Juniper.
Thanks! -- Alex