On Tue, Jan 13, 2009 at 04:35:46PM -0800, Mark Andrews wrote: > The number of nameservers that fail to respond to EDNS > queries is miniscule. The majority of nameservers on the > net actually talk EDNS. > > I suggest that you re-analyse the failures to determine > their true causes. > > Mark
I'd thought we'd ruled this out, but testing again from an OOB server confirms what you're saying. Will definitely reinvestigate. Initially I am getting these in response to my dig queries: # dig @130.76.96.65 boeing.com soa +dnssec +norec ;; Warning: ID mismatch: expected ID 1582, got 13152 ;; Warning: ID mismatch: expected ID 1582, got 13152 ;; Warning: ID mismatch: expected ID 1582, got 13152 ; <<>> DiG 9.3.5-P2 <<>> @130.76.96.65 boeing.com soa +dnssec +norec ; (1 server found) ;; global options: printcmd ;; connection timed out; no servers could be reached I guess our firewall could be tinkering with the request ID's? Perhaps as a result of dnssec being on... hmm. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users