nanog mailing list archives
Re: DNSsec from domailcontrol.com
From: Mark Andrews <marka () isc org>
Date: Fri, 18 Jun 2010 22:33:52 +1000
In message <AANLkTimcXZhuaI9nzOUHRM5fYGb73xRvVU2fy4JOZPRY () mail gmail com>, MKS writes:
Hi We (a small ISP in the middle of nowhere) are having problems resolving DNSsec records from godaddy. This commands works just fine # dig @ns52.domaincontrol.com loomus.com but this doesn't # dig @ns52.domaincontrol.com +dnssec loomus.com We don't receive the reply to the query. and no, this isn't a packet size issue, the reply for the second command is 124bytes, and the host isn't behind a firewall. So the same commands work just fine outside our network, and we are only having problems with nsxx.domailcontrol.com As far as I can see, when enabling +dnssec the EDNS option is activated and this is added in the dns querty "OPT UDPsize=4096 OK" I have also tried # dig @ns52.domaincontrol.com +dnssec +bufsize=512 loomus.com without any success. Does someone have any brilliant suggestions? Please contact me on or off list Regards MKS
The server isn't even EDNS aware. I suspect your firewall doesn't like a plain DNS response to a EDNS query. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- DNSsec from domailcontrol.com MKS (Jun 18)
- Re: DNSsec from domailcontrol.com Mark Andrews (Jun 18)