BIND only resolves hostname on the second attempt
Mark Andrews
Mark_Andrews at isc.org
Fri Oct 29 01:05:15 UTC 2004
> on 10/28/04 5:37 PM, Mark Andrews at Mark_Andrews at isc.org wrote:
>
> >> Can anyone please help me figure out what's going wrong, and how to
> >> fix it? What have I misconfigured?
> >
> > Upgrade / configure your firewall to handle EDNS. It is
> > blocking the following reply from the root servers. Note
> > it is bigger than 512 byte of a standard DNS query.
>
> I also have the same problem in my colo cabinet. My ISP tells me there is
> no firewall, I certainly do not have one. How can I test for sure that EDNS
> is being blocked and how can I pin it down to where?
This make a traditional DNS query.
dig +norec www.microsoft.com @a.root-servers.net
These make EDNS queries.
dig +norec www.microsoft.com @a.root-servers.net +bufsize=4096
dig +norec www.microsoft.com @a.root-servers.net +dnssec
A firewall that is block EDNS replies > 512 bytes will allow the
first through and block the later.
Mark
> --
> -------------------------------------------------------------
> Scott Haneda Tel: 415.898.2602
> <http://www.newgeo.com> Fax: 313.557.5052
> <scott at newgeo.com> Novato, CA U.S.A.
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list