Please Help
Kevin Oberman
oberman at es.net
Thu Feb 17 21:38:30 UTC 2011
> Date: Thu, 17 Feb 2011 11:45:06 -0500
> From: "Lightner, Jeff" <jlightner at water.com>
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
>
> IIRC the U.S. Government last year or the year before mandated all their
> sites be DNSSEC compliant by early this year. Maybe it is just a sign
> they are actually doing it.
Yes, they are. As of the last report I have received, something over 50%
of all .gov zones are now signed with the DS records installed in the
.gov zone. Still quite a ways to go but substantial progress has been
made and people with broken firewall are starting to notice.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> -----Original Message-----
> From: bind-users-bounces+jlightner=water.com at lists.isc.org
> [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
> Of Ryan Novosielski
> Sent: Thursday, February 17, 2011 9:54 AM
> To: Xiaoxu Huang
> Cc: bind-users at lists.isc.org
> Subject: Re: Please Help
>
> Glad to hear it was a help.
>
> Does anyone happen to know if anything changed for .gov addresses just
> last week? This problem appears to have come out of the clear blue sky
> (not that there wasn't plenty of warning) so I have to assume that
> something was just activated.
>
> On 02/17/2011 09:47 AM, Xiaoxu Huang wrote:
> > We have checked list archives and our side has increased the allowed
> DNS
> > packet size. Now we are fine to get correct answer for **.gov.
> >
> > Thanks for help and Best Regards,
> >
> > Xiao
> > 2/17/2011
> >
> >
> > -----Original Message-----
> > From: bind-users-bounces+xhuang=graphnet.com at lists.isc.org
> > [mailto:bind-users-bounces+xhuang=graphnet.com at lists.isc.org] On
> Behalf Of
> > Ryan Novosielski
> > Sent: Wednesday, February 16, 2011 5:47 PM
> > To: bind-users at lists.isc.org
> > Subject: Re: Please Help
> >
> > I asked this same question this week. Check the list archives.
> >
> > On 02/16/2011 05:24 PM, Xiaoxu Huang wrote:
> >> From couple of our DNS servers, we are failed to get correct DNS
> answer
> >> like followings:
> >
> >> 1) From server A
> >
> >> # nslookup
> >
> >> Default Server: localhost
> >
> >> Address: 127.0.0.1
> >
> >
> >
> >>> www.nyc.gov
> >
> >> Server: localhost
> >
> >> Address: 127.0.0.1
> >
> >
> >
> >> *** localhost can't find www.nyc.gov: Non-existent host/domain#
> nslookup
> >
> >
> >
> >> 2) From server B:
> >
> >> # nslookup
> >
> >>> www.nyc.gov
> >
> >> ;; connection timed out; no servers could be reached
> >
> >
> >
> >> 3) Both servers run bind-9.7.2-P2
> >
> >
> >
> >> Can any one help?
More information about the bind-users
mailing list