cannot resolve oppedahl.com from uspto.gov domain
Florian Weimer
fweimer at bfk.de
Fri Feb 3 14:19:08 UTC 2012
* Florian Weimer:
> * Bill Owens:
>
>> On Fri, Feb 03, 2012 at 01:55:12PM +0000, Florian Weimer wrote:
>>> These nameservers:
>>>
>>> dns2.oppedahl.com. 172800 IN A 208.109.255.50
>>> dns1.oppedahl.com. 172800 IN A 216.69.185.50
>>>
>>> return SERVFAIL for EDNS0 queries. COM contains a signed delegation.
>>> This configuration is not supported. It seems that BIND produces
>>> a failure even if DNSSEC validation is not enabled for the view.
>>
>> How odd. . . it doesn't look that way from here:
>>
>> [littledebian:~] owens% dig oppedahl.com soa +norec +edns=0 @216.69.185.50
>
> The exact same command line results in SERVFAIL for me.
It depends on the source IP address. I tested from about a dozen source
addresses. There is a pattern (most of the time, one address works, but
the neighboring ones do not), but it it's not completely obvious.
It could be the result of DDoS mitigation gone wild, or per-source load
sharing redirecting part of the traffic to a broken instance.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the bind-users
mailing list