[c-nsp] ftp.cisco.com unusable?

Bernhard Schmidt berni at birkenwald.de
Sat Feb 28 13:19:47 EST 2009


Saku Ytti <saku+cisco-nsp at ytti.fi> wrote:

> It turns out, I haven't been able to really connect to ftp.cisco.com
> lately. This problem has persisted at least from 14th day, but may
> have been there earlier.
> With some persistence you can get some directory listings out from
> there, but for all purpose and intent it seems unusable.
>
> Are others seeing this too?

Cisco has apparently broken their DNS loadbalancer and returns (in my
book) invalid answers for AAAA queries, which messes with IPv6-enabled
clients a lot.

ftp.cisco.com.          86400   IN      NS      sjce-ddir-ns.cisco.com.
ftp.cisco.com.          86400   IN      NS      rtp5-ddir-ns.cisco.com. 

$ dig -t a ftp.cisco.com @sjce-ddir-ns.cisco.com +norec 
gives A record in the answer section, still not quite legit because the
answer is missing the aa flag but it seems to be accepted by most caches

$ dig -t aaaa ftp.cisco.com @sjce-ddir-ns.cisco.com +norec
gives a straight referral to the same servers (dig calls this horizontal
referral), which is obviously completely broken. If you're lucky your
resolver returns SERVFAIL, but you might get a timeout as well.

I've sent an email to my SE and all DNS contacts at cisco.com I could
find a week ago, but no answer so far. I'll kick my SE on Monday if it
hasn't improved until then.

Bernhard
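
Added example, not part of the original message: a Python sketch that parses a raw DNS response and labels the three outcomes discussed above (an answer without the aa flag, a horizontal referral, and the authoritative NODATA reply a server would normally give for a type it has no record for). The function names, the 192.0.2.1 address and the sample messages are constructed for illustration; only the ftp.cisco.com and sjce-ddir-ns.cisco.com names come from the post.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    return ".".join(labels) + ".", (off + 1 if after is None else after)

def classify(msg, zone):
    """Classify a +norec response from a server delegated `zone`."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    aa, rcode, off, cuts = bool(flags & 0x0400), flags & 0xF, 12, []
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4
    for i in range(an + ns):                  # answer RRs, then authority RRs
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == 2:            # NS record in authority section
            cuts.append(owner)
    if rcode:
        return "rcode %d" % rcode
    if an:
        return "answer" if aa else "answer without aa"
    if aa:
        return "nodata"                       # authoritative "no such type" reply
    if cuts and cuts[0] != zone and cuts[0].endswith("." + zone):
        return "referral"                     # delegation further down the tree
    return "horizontal referral" if cuts else "empty"  # NS at same zone or higher

def build(flags, qtype, answers=(), authority=()):
    """Constructed sample response; every RR owner is a pointer to the qname."""
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg += b"\x03ftp\x05cisco\x03com\x00" + struct.pack("!HH", qtype, 1)
    for rtype, rdata in list(answers) + list(authority):
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 86400, len(rdata)) + rdata
    return msg

A_REPLY = build(0x8000, 1, answers=[(1, bytes([192, 0, 2, 1]))])   # constructed address
AAAA_BROKEN = build(0x8000, 28, authority=[(2, b"\x0csjce-ddir-ns\x05cisco\x03com\x00")])
AAAA_HEALTHY = build(0x8400, 28, authority=[(6, b"\x00" * 22)])    # AA + placeholder SOA
```

Calling `classify(reply, "ftp.cisco.com.")` on bytes captured from a real query gives the same labels, so the check can be run against each nameserver of a delegation for both A and AAAA.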


