How to get AD flag
David Newman
dnewman at networktest.com
Fri Aug 2 18:35:21 UTC 2013
On 8/1/13 10:48 PM, rams wrote:
> Thanks david,
> This the response i get
> dig +short rs.dns-oarc.net <http://rs.dns-oarc.net> txt @<forwarderip>
> rst.x3827.rs.dns-oarc.net <http://rst.x3827.rs.dns-oarc.net>.
> rst.x3837.x3827.rs.dns-oarc.net <http://rst.x3837.x3827.rs.dns-oarc.net>.
> rst.x3843.x3837.x3827.rs.dns-oarc.net
> <http://rst.x3843.x3837.x3827.rs.dns-oarc.net>.
> "50.16.87.189 sent EDNS buffer size 4096"
> "50.16.87.189 DNS reply size limit is at least 3843 bytes"
That looks OK, but the forwarder might still be broken (i.e., it might
strip replies).
Stephane Bortzmeyer's three possibilities are all plausible. I'd
recommend beginning with queries of known-valid domains (e.g., ietf.org,
isc.org) against known-valid resolvers (e.g., 8.8.8.8) and then working
from there.
dn
More information about the bind-users
mailing list