Another datapoint: dig +dnssec @ns33.domaincontrol.com. replacementservices.com.
; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec @ns33.domaincontrol.com. replacementservices.com. ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached silver3:~ carlsen$ dig +dnssec replacementservices.com. ; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec replacementservices.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41422 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;replacementservices.com. IN A ;; ANSWER SECTION: replacementservices.com. 3600 IN A 72.32.12.235 ;; AUTHORITY SECTION: replacementservices.com. 3600 IN NS ns33.domaincontrol.com. replacementservices.com. 3600 IN NS ns34.domaincontrol.com. ;; ADDITIONAL SECTION: ns33.domaincontrol.com. 3571 IN A 216.69.185.17 ;; Query time: 3297 msec ;; SERVER: 192.168.15.2#53(192.168.15.2) ;; WHEN: Wed Jun 23 19:39:30 2010 ;; MSG SIZE rcvd: 136 silver3:~ carlsen$ dig +dnssec @ns34.domaincontrol.com. replacementservices.com. ; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec @ns34.domaincontrol.com. replacementservices.com. ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached This could look like a connectivity problem, one of the "interesting" ones. None of the official NSes will answer my dig, I do however get answers from my named. Dig +trace finds no answer: dig +dnssec +trace replacementservices.com. ; <<>> DiG 9.6.0-APPLE-P2 <<>> +dnssec +trace replacementservices.com. ;; global options: +cmd . 331492 IN NS j.root-servers.net. . 331492 IN NS d.root-servers.net. . 331492 IN NS l.root-servers.net. . 331492 IN NS h.root-servers.net. . 331492 IN NS b.root-servers.net. . 331492 IN NS i.root-servers.net. . 331492 IN NS m.root-servers.net. . 331492 IN NS g.root-servers.net. . 331492 IN NS f.root-servers.net. . 331492 IN NS e.root-servers.net. . 331492 IN NS k.root-servers.net. . 331492 IN NS c.root-servers.net. . 331492 IN NS a.root-servers.net. . 331492 IN RRSIG NS 8 0 518400 20100628000000 20100620230000 55138 . JItPMCeKTDTEjDyQgXLxSuxXEP01cA3k3tOlQDMhrCoDqZTrolGpMVAE dN2+7C9NAKW/dxRcoRvOAaSNRB+xQciHSHBygFaxcnprD+X6eMmS5PI3 wbDo5jyakN/yntzn1pNEoYSR1SD2/Jl2BuwP4N3ermVT3dNFV7u4v/+f x6E= ;; Received 441 bytes from 192.168.15.2#53(192.168.15.2) in 351 ms com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 86400 IN NSEC coop. NS RRSIG NSEC com. 86400 IN RRSIG NSEC 8 1 86400 20100629070000 20100622060000 55138 . HgSWgEehhDAiFJZGH164RXHv+QAE69DFF8QVsIiP+tR3FvSi5aijuv6N a+ED1Wwj77dZYH0RNCrYrMiB1ct1pQ6p5WTFF5WoLXMVRxLPkRxT/UV7 MsQfqvkkaxWRQfRqHAzBbAeaZKAsGL8FGU1kT6e3AozNcY4dQm/ESzGB vzU= ;; Received 725 bytes from 128.8.10.90#53(d.root-servers.net) in 157 ms replacementservices.com. 172800 IN NS ns33.domaincontrol.com. replacementservices.com. 172800 IN NS ns34.domaincontrol.com. ;; Received 136 bytes from 192.12.94.30#53(e.gtld-servers.net) in 53 ms ;; connection timed out; no servers could be reached On 23/06/10 17:49, Erwin Lansing wrote: > On Wed, Jun 23, 2010 at 05:25:31PM +0200, Warren Kumari wrote: > >>>> # dig +dnssec @ns33.domaincontrol.com. replacementservices.com. >>>> >>> Since it's working quite okay for several locations on here, the >>> problem may be found somewhere in between sites. >>> >>> I personally don't get any failures with the dig statement from above >>> no matter how often I try. >>> >>> >> <aol> >> Me neither! Me neither! >> </aol> >> >> I also goes through AboveNet. >> >> > A few more datapoints. I tried from 4 different AS numbers, two in > Europe, two in the US, two routed via GLBX and two via above. Only one > of them works (via Above). I'm at a loss at finding similarities > between the non-working ones. > > -erwin > > > > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: "MALE BOVINE MANURE!!!"
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users