2015 Direct Certificate Discovery Tool blocking TCP


Greg Meyer

Feb 16, 2017, 10:00:27 AM
to Direct Certificate Discovery Tool
I have been unable to resolve certificates for the past few days. Below is a dig trace. It appears TCP may be blocked on the SITENV side (I have verified that this is not an issue with a firewall on my side; the trace below was run from a wide-open AWS box).

 

dig @8.8.8.8 +trace -t cert d18.domain10.dcdt31prod.sitenv.org

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @8.8.8.8 +trace -t cert d18.domain10.dcdt31prod.sitenv.org
; (1 server found)
;; global options: +cmd
.                       125015  IN      NS      l.root-servers.net.
.                       125015  IN      NS      m.root-servers.net.
.                       125015  IN      NS      c.root-servers.net.
.                       125015  IN      NS      d.root-servers.net.
.                       125015  IN      NS      a.root-servers.net.
.                       125015  IN      NS      e.root-servers.net.
.                       125015  IN      NS      k.root-servers.net.
.                       125015  IN      NS      h.root-servers.net.
.                       125015  IN      NS      g.root-servers.net.
.                       125015  IN      NS      b.root-servers.net.
.                       125015  IN      NS      f.root-servers.net.
.                       125015  IN      NS      i.root-servers.net.
.                       125015  IN      NS      j.root-servers.net.
.                                               125015  IN            RRSIG    NS 8 0 518400 20170227170000 20170214160000 61045 . HnSVXyC8UZuXnpOsZOv1/GP2byJFG9Y9ch4q0eUw/6CMEJ403spJ67Oo JiAGhdiE6xlONAMQN0Q7LpA7/bgCf29mmVJDcG76b/qaVnmRjKErBwep 68K831Uph2V+Rixcw8mx5XYWuMDyKDiRWlrPyY/bT0a7Us7dTnhkNJ+D g25E0lqXNKY9XgroVoTlwc5tCIe6L8GhoDU+LTLtBySBgQa3kEAI7WUQ CT4l47BCu3zzh8sJtdKGEXnXD0e22pB4ZaYF80iVWL1cRgghn2HphlN0 1kFJr3WuuIKP9r4vZFIjKiinV1KJdBBW2fciGAx+nZbP5sSUlOdiz/56 BZKM3g==

;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 753 ms

org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
org.                    86400   IN      DS      9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982
org.                    86400   IN      DS      9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891B FE7FF8E5
org.                                        86400    IN            RRSIG    DS 8 1 86400 20170301050000 20170216040000 61045 . Vl7wT1t5st6dHS/2yHY6On6xZvRlHfeg+nI7CxtF0QGqc5UIdxQ19g8e Y6DpEcVw9sDjZNnsDOQ9opLSsojY2GAQ+fALK5lme5su24l198+gPhA5 e2G8wxmm9+wHlCaWkT2HxnsrZ0BkXTrndyLuLuS6ImTatRmY4EB/L4tI R4IISAqcZCdFLWFy5mHFQIyPqOXqnYEOFmJ9paOmpZKdDyC4Wj+cZYMW ZFZN4BPr1dNzLpnK9CIHcbhuOVqgc7/z9pqMBj+7aErTPzQXd3YAF0Zk 2nHFod9vZcxcazoAasnFMwneE1zjQ2YChgK0zlt19ZYnp2TxqgIS3J0q ygEceQ==

;; Received 836 bytes from 199.7.83.42#53(l.root-servers.net) in 179 ms

sitenv.org.             86400   IN      NS      ns69.domaincontrol.com.
sitenv.org.             86400   IN      NS      ns70.domaincontrol.com.
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM

h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20170309145350 20170216135350 3947 org. pCLCkU6NdEQUBM7bXqHMu1H0SmfJBdKv/GT+12atRGEBsIgPlmwkPDaN CudcMCBgeyHgh6GD+SEmguIBEgrJUXyRgMtUjr2neGajQ4ftFYIsOvN7 y/u4N25klGBm8gR8uvw8PBjTMf7RJ/ofAlCFo5d9YxFJ8qN09NnMJ7UA 0fo=

3akuoj6bd53lbo66alckis1qmf4d2o05.org. 86400 IN NSEC3 1 1 1 D399EAAB 3AMTKVFQ2IGU7O5JI2RMCNAEOIR284F0 NS DS RRSIG

3akuoj6bd53lbo66alckis1qmf4d2o05.org. 86400 IN RRSIG NSEC3 7 2 86400 20170302152414 20170209142414 3947 org. gm7GG7C9nDFgQKmRprUh2QaQhY3tqC0l3SYj78pW5dU9DSLZDznsPKQd nNLuFEyjGy6favzU8lrmiFzk00nm/8yFVuXc4YIczngQuuRlHLhQWj1/ bvoFtQoMViytCw5uvsr9GgxspjW1EZ2+hMYP3yYeD5aC6E2IgCV2XG62 A5s=

;; Received 611 bytes from 199.249.120.1#53(b2.org.afilias-nst.org) in 137 ms

dcdt31prod.sitenv.org.  1800    IN      NS      ns2.dcdt31prod.sitenv.org.
dcdt31prod.sitenv.org.  1800    IN      NS      ns1.dcdt31prod.sitenv.org.
;; Received 131 bytes from 216.69.185.45#53(ns69.domaincontrol.com) in 315 ms

;; Truncated, retrying in TCP mode.
;; connection timed out; no servers could be reached

srini

Feb 16, 2017, 10:25:37 AM
to directt...@googlegroups.com

Thank you for notifying us; upon restarting, it is working now. Please let us know if this doesn't resolve.

Thanks
srini

;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.1-P1 <<>> cert d18.domain10.dcdt31prod.sitenv.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52493
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
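
An added example (not part of the original thread, and not the Direct Certificate Discovery Tool's own code): a standard-library Python probe for the condition shown in the trace. It sends the CERT query to one name server over UDP and then TCP port 53, and reports "tcp-blocked" when the UDP reply has the TC (truncated) bit set but the TCP retry gets no reply. The server address passed to `probe`, the query ID and the result labels are assumptions of this example.

```python
import socket, struct
from contextlib import suppress

CERT = 37  # RR type CERT (RFC 4398), the record type queried in the thread

def build_query(name, qtype=CERT, qid=0x1234):
    """Encode a one-question DNS query with RD set (qid is a constructed value)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, truncated, rcode, answer_count) from a DNS message header."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & 0x0200), flags & 0x000F, an

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def classify(udp_reply, tcp_reply):
    """Diagnose from the raw replies; None means timeout, reset or refused."""
    if udp_reply is None:
        return "udp-unreachable"
    _, truncated, rcode, answers = parse_header(udp_reply)
    if not truncated:
        return "ok-udp" if rcode == 0 and answers else "no-answer"
    if tcp_reply is None:
        return "tcp-blocked"  # truncated over UDP, TCP retry fails: the thread's symptom
    _, tc, rcode, answers = parse_header(tcp_reply)
    return "ok-tcp" if rcode == 0 and answers and not tc else "no-answer"

def probe(server, name, timeout=5.0):
    """Send the CERT query to `server` over UDP and TCP port 53, then classify."""
    q, udp, tcp = build_query(name), None, None
    with suppress(OSError), socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        udp = s.recvfrom(4096)[0]
    with suppress(OSError), socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)  # DNS over TCP: 2-byte length prefix
        tcp = recv_exact(s, struct.unpack("!H", recv_exact(s, 2))[0])
    return classify(udp, tcp)
```

Call `probe()` with the IP address of one of the zone's authoritative name servers and the name from the trace; a result of "tcp-blocked" from a host with no outbound filtering points at the server side.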


