warning: Creating default object from empty value in /usr/local/apache2/sites/drupal5/modules/taxonomy/ on line 33.
Public Stories, etc

dig +bufsiz=2048 XN--9T4B11YI5A RRSIG

While working on the TLDmon plugins a couple of weeks ago, I noticed that a certain query to was consistenly failing:

$ dig +bufsiz=2048 XN--9T4B11YI5A RRSIG

; <<>> DiG 9.3.5-P2 <<>> +bufsiz=2048 XN--9T4B11YI5A RRSIG
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

It was strange because queries to the same server for all of the other TLD hosted there work just fine:

$ dig +short +bufsiz=2048 XN--KGBECHTV RRSIG | wc
       6      78    1794
$ dig +short +bufsiz=2048 XN--HGBK6AJ7F53BBA RRSIG | wc
       6      78    1831

It was also strange because the problematic TLD works fine from hosts outside of ISC's network (which is where the OARC servers are located), and it works if the query is sent to or

A tcpdump shows that the DNS reply message is fragmented and we only get the first fragment.

That this problem happens only (?) when querying from ISC's network seems to imply it is caused by something on ISC's network. But then why does it work when querying Why would the second fragment from c arrive, but not the fragment from b? Here's a tcpdump showing the correctly received second fragment from c.

I think it safe to assume that the fragment leaving b is the same, except with different values some TCP header fields (ip_sum, ip_id, ip_ttl, ip_src). Here's another tcpdump showing the fragment from b received outside ISC's network.

Note that both of these fragments are smaller (ip_len=31) than the minimum Ethernet payload size so they are padded out to 46 bytes.

Submitted by on Tue, 2008-12-09 21:22 categories [ ] -- Check your resolver's transaction ID behavior

A number of people have been asking for a way to check transaction ID randomness, in addition to source port randomness. OARC's porttest tool has now been expanded to also report on transaction IDs. To use it, issue a TXT query for the name For example, with dig:

$ dig +short TXT
" is GREAT: 26 queries in 2.7 seconds from 26 txids with std dev 20574.11"

Also note that in conjunction with this enhancement, the scoring critera for porttest and txidtest have been changed to match the web-based port test. The scoring is as follows:

Submitted by wessels on Mon, 2008-07-28 17:24 categories [ ]

OARC hosted mailing lists

OARC operates a number of mailing lists for its members, for other groups, and for the public.


A closed list for OARC members only.
Users are automatically subscribed based on the information in the portal database. Posts are accepted from list members only and are not normally held for approval. All OARC-related topics are appropriate.
To read the members archives, you'll need to know your mailman password. If you don't know your mailman password, visit the listinfo page and enter your email address at the bottom to receive a password reminder.


An open public forum for informal reporting, tracking, resolving, and discussing DNS operational issues including outages, attacks, errors, failures, and features. Discussion of non-ICANN root systems is explicitly off-topic.
Subscriptions are open to anyone and will be approved by a list moderator. Posts are accepted from list members only and are not normally held for approval. Participants with a history of off-topic posts will be moderated.
Visit the dns-operations page to subscribe and read the archives.


Mailing list for co-ordinating operators of anycasted AS112 DNS servers for RFC1918 in-addr queries.
List participants must be AS112 server operators. Posts are accepted from list members only and are not normally held for approval. Archives are publicly readable.
Visit the as112-ops page to subscribe and read the archives.

Private Lists

OARC also hosts a number of private mailing lists as a service to its membership. Any OARC member can request the creation of a private mailing list whose charter is related to OARC's mission. Members may view information about OARC's private lists.

Submitted by wessels on Tue, 2008-07-08 23:50 categories [ ]


One of OARC's activities is to convene periodic workshops, usually focused on DNS research and operations.

Please see the hosting page if your organization is considering hosting an OARC workshop.

Submitted by admin on Tue, 2008-01-15 23:19 categories [ ]

DNSSEC Walker - Similar to "dnswalk" but for use with DNSSEC


Similar to "dnswalk" but for use with DNSSEC, of course.

Submitted by admin on Fri, 2008-01-11 19:10 categories [ ]

Active Measurement of Anycast DNS

OARC member Yuji Sekiya, from WIDE, presents work related to active measurement of the anycast instances of root DNS servers. Follow the attachment link below to view slides for the presentation.

Submitted by bwatson on Tue, 2006-03-21 06:13 categories [ ]

Quarterly 48-hour tcpdump

The following OARC members participate in quarterly 48-hour data collection:

ISC (F-root)
RIPE (K-root)
Cogent (C-root)
NASA (E-root)

Root and TLD operators have very different network topologies and methods by which they provide DNS service. Such details may be useful to researchers studying this data. Links to specific details such as anycast vs. unicast routing and addressing, global vs. local nodes, geographic location, and autonomous systems are provided below for each member that submits data.




Submitted by bwatson on Wed, 2006-03-15 17:12 categories [ ]

Contributing Data to OARC

The following links provide information for members to upload various types of data to the OARC catalog. Organizations that wish to only share data with OARC (but have no access to member data/services), see the OARC Participation Agreement.

Click here for instructions on uploading PCAP files from quarterly 48-hour tcpdump runs.

Click here for instructions on uploading DSC statistics via SSH.

Submitted by bwatson on Thu, 2006-03-09 18:53 categories [ ]

Experiments in Scalable Trust Infrastructure

Submitted by bwatson on Fri, 2005-10-14 21:17 categories [ ]

Technical Report on Scalable Trust Infrastructure Experiment

OARC-TN-2005-1: Experiments in Scalable Trust Infrastructure

Submitted by bwatson on Fri, 2005-10-14 14:48 categories [ ]