problems resolving domains unser NSxx.DOMAINCONTROL.COM - this problem i have too! :(((((
Mark Andrews
marka at isc.org
Tue Jun 22 00:16:06 UTC 2010
Mark Andrews writes:
>
> In message <4C1F85EF.5070901 at rula.net>, =?UTF-8?B?Um9rIFBvdG/EjW5paw==?= writ
> es
> :
> > Anyway.. I found out what the problem is... they don't reply to dnssec
> > enabled requests...
> >
> > $ dig +short @ns33.domaincontrol.com. replacementservices.com.
> > 72.32.12.235
> >
> > $ dig +short +dnssec @ns33.domaincontrol.com. replacementservices.com.
> > ;; connection timed out; no servers could be reached
> >
> > wanna boycott godaddy?
> >
> > --
> > LP, Rok
>
> They DO respond. Look at your firewall.
>
> % dig +short @ns33.domaincontrol.com. replacementservices.com.
> 72.32.12.235
> % dig +short +dnssec @ns33.domaincontrol.com. replacementservices.com.
> 72.32.12.235
> %
>
> Mark
I suspect that your firewall is dropping replies to EDNS queries
that *don't* include the OPT record (i.e. they are plain DNS not
EDNS responses). Note that there was no OPT record in the reply.
; <<>> DiG 9.3.6-P1 <<>> +dnssec @ns33.domaincontrol.com. replacementservices.com.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36916
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;replacementservices.com. IN A
;; ANSWER SECTION:
replacementservices.com. 3600 IN A 72.32.12.235
;; AUTHORITY SECTION:
replacementservices.com. 3600 IN NS ns33.domaincontrol.com.
replacementservices.com. 3600 IN NS ns34.domaincontrol.com.
;; Query time: 184 msec
;; SERVER: 216.69.185.17#53(216.69.185.17)
;; WHEN: Tue Jun 22 10:12:45 2010
;; MSG SIZE rcvd: 109
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list