On Mon, Jun 21, 2010 at 05:31:59PM +0200, Rok Poto??nik wrote: > Anyway.. I found out what the problem is... they don't reply to dnssec > enabled requests... > > $ dig +short @ns33.domaincontrol.com. replacementservices.com. > 72.32.12.235 > > $ dig +short +dnssec @ns33.domaincontrol.com. replacementservices.com. > ;; connection timed out; no servers could be reached > > wanna boycott godaddy? > Actually, they don't support EDNS either, so you'll get timeouts even without DNSSEC:
er...@orange:~% dig +short +edns=0 @ns33.domaincontrol.com. replacementservices.com. ;; connection timed out; no servers could be reached er...@orange:~% dig +short @ns33.domaincontrol.com. replacementservices.com. 72.32.12.235 Note that Bind 9.5 fixed the timeout issue by resending it as a plain request, you may want to upgrade your recursors if they are still on 9.4. See last item in the list: https://www.isc.org/software/bind/new-features/9.5 -erwin -- Erwin Lansing (o_ _o) http://droso.org Ceterum censeo \\\_\ /_/// Carthaginem esse delendam <____) (____> er...@lansing.dk
pgpAUKDxWYIpt.pgp
Description: PGP signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
