DNSSEC error resolving gpo.gov ?
Mark Andrews
marka at isc.org
Tue Mar 14 23:29:35 UTC 2023
Why are you trying to query this address? The IPv4 servers are 162.140.15.100
and 162.140.254.200.
> On 15 Mar 2023, at 07:53, Darren Ankney <darren.ankney at gmail.com> wrote:
>
> This is failing for me regularly:
>
> $ dig ns3.gpo.gov +dnssec +norecurse @162.140.15.200
> ;; communications error to 162.140.15.200#53: timed out
> ;; communications error to 162.140.15.200#53: timed out
> ;; communications error to 162.140.15.200#53: timed out
>
> ; <<>> DiG 9.18.11 <<>> ns3.gpo.gov +dnssec +norecurse @162.140.15.200
> ;; global options: +cmd
> ;; no servers could be reached
>
> but all other combos of ns3.gpo.gov or ns4.gpo.gov and 162.140.15.100
> and 162.140.15.200 work fine.
>
> On Tue, Mar 14, 2023 at 12:03 PM Tim Maestas <tmaestas95 at gmail.com> wrote:
>>
>> I've been having problems resolving www.federalregister.gov which is served by ns3.gpo.gov and ns4.gpo.gov, using BIND 9.16.27. Haven't been able to quite figure out why so I've stuck an NTA in for the time being.
>>
>> On Tue, Mar 14, 2023 at 8:52 AM Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>>>
>>> On Tue, Mar 14, 2023 at 11:35:38AM -0400,
>>> Alexandra Yang <drayales at gmail.com> wrote
>>> a message of 183 lines which said:
>>>
>>>> I wonder if any of your nameserver resolve it just fine, like 8.8.8.8
>>>> works
>>>
>>> Among RIPE Atlas probes, most succeed:
>>>
>>> % blaeu-resolve --displayvalidation -r 100 --type A gpo.gov
>>> [ (Authentic Data flag) 162.140.14.82] : 46 occurrences
>>> [162.140.14.82] : 52 occurrences
>>> [ERROR: SERVFAIL] : 2 occurrences
>>> Test #50935448 done at 2023-03-14T15:46:50Z
>>>
>>> The two whose resolvers servfail may have stricter/paranoid resolvers.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list