Saku Ytti <saku+cisco-...@ytti.fi> wrote: > It turns out, I haven't been able to really connect to ftp.cisco.com > lately. This problem has persisted at least from 14th day, but may > have been there earlier. > With some persistence you can get some directory listings out from > there, but for all purpose and intent it seems unusable. > > Are others seeing this too?
Cisco has apparently broken their DNS loadbalancer and returns (in my book) invalid answers for AAAA queries, which messes with IPv6-enabled clients a lot. ftp.cisco.com. 86400 IN NS sjce-ddir-ns.cisco.com. ftp.cisco.com. 86400 IN NS rtp5-ddir-ns.cisco.com. $ dig -t a ftp.cisco.com @sjce-ddir-ns.cisco.com +norec gives A record in the answer section, still not quite legit because the answer is missing the aa flag but it seems to be accepted by most caches $ dig -t aaaa ftp.cisco.com @sjce-ddir-ns.cisco.com +norec gives a straight referral to the same servers (dig calls this horizontal referral), which is obviously completely broken. If you're lucky your resolver returns SERVFAIL, but you might get a timeout as well. I've sent an email to my SE and all DNS contacts at cisco.com I could find a week ago, but no answer so far. I'll kick my SE on Monday if it hasn't improved until then. Bernhard _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/