Mark Andrews writes: > > In message <4c1f85ef.5070...@rula.net>, =?UTF-8?B?Um9rIFBvdG/EjW5paw==?= writ > es > : > > Anyway.. I found out what the problem is... they don't reply to dnssec > > enabled requests... > > > > $ dig +short @ns33.domaincontrol.com. replacementservices.com. > > 72.32.12.235 > > > > $ dig +short +dnssec @ns33.domaincontrol.com. replacementservices.com. > > ;; connection timed out; no servers could be reached > > > > wanna boycott godaddy? > > > > -- > > LP, Rok > > They DO respond. Look at your firewall. > > % dig +short @ns33.domaincontrol.com. replacementservices.com. > 72.32.12.235 > % dig +short +dnssec @ns33.domaincontrol.com. replacementservices.com. > 72.32.12.235 > % > > Mark
I suspect that your firewall is dropping replies to EDNS queries that *don't* include the OPT record (i.e. they are plain DNS not EDNS responses). Note that there was no OPT record in the reply. ; <<>> DiG 9.3.6-P1 <<>> +dnssec @ns33.domaincontrol.com. replacementservices.com. ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36916 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;replacementservices.com. IN A ;; ANSWER SECTION: replacementservices.com. 3600 IN A 72.32.12.235 ;; AUTHORITY SECTION: replacementservices.com. 3600 IN NS ns33.domaincontrol.com. replacementservices.com. 3600 IN NS ns34.domaincontrol.com. ;; Query time: 184 msec ;; SERVER: 216.69.185.17#53(216.69.185.17) ;; WHEN: Tue Jun 22 10:12:45 2010 ;; MSG SIZE rcvd: 109 Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
