> Date: Thu, 17 Feb 2011 11:45:06 -0500 > From: "Lightner, Jeff" <jlight...@water.com> > Sender: bind-users-bounces+oberman=es....@lists.isc.org > > IIRC the U.S. Government last year or the year before mandated all their > sites be DNSSEC compliant by early this year. Maybe it is just a sign > they are actually doing it.
Yes, they are. As of the last report I have received, something over 50% of all .gov zones are now signed with the DS records installed in the .gov zone. Still quite a ways to go but substantial progress has been made and people with broken firewall are starting to notice. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > -----Original Message----- > From: bind-users-bounces+jlightner=water....@lists.isc.org > [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf > Of Ryan Novosielski > Sent: Thursday, February 17, 2011 9:54 AM > To: Xiaoxu Huang > Cc: bind-users@lists.isc.org > Subject: Re: Please Help > > Glad to hear it was a help. > > Does anyone happen to know if anything changed for .gov addresses just > last week? This problem appears to have come out of the clear blue sky > (not that there wasn't plenty of warning) so I have to assume that > something was just activated. > > On 02/17/2011 09:47 AM, Xiaoxu Huang wrote: > > We have checked list archives and our side has increased the allowed > DNS > > packet size. Now we are fine to get correct answer for **.gov. > > > > Thanks for help and Best Regards, > > > > Xiao > > 2/17/2011 > > > > > > -----Original Message----- > > From: bind-users-bounces+xhuang=graphnet....@lists.isc.org > > [mailto:bind-users-bounces+xhuang=graphnet....@lists.isc.org] On > Behalf Of > > Ryan Novosielski > > Sent: Wednesday, February 16, 2011 5:47 PM > > To: bind-users@lists.isc.org > > Subject: Re: Please Help > > > > I asked this same question this week. Check the list archives. > > > > On 02/16/2011 05:24 PM, Xiaoxu Huang wrote: > >> From couple of our DNS servers, we are failed to get correct DNS > answer > >> like followings: > > > >> 1) From server A > > > >> # nslookup > > > >> Default Server: localhost > > > >> Address: 127.0.0.1 > > > > > > > >>> www.nyc.gov > > > >> Server: localhost > > > >> Address: 127.0.0.1 > > > > > > > >> *** localhost can't find www.nyc.gov: Non-existent host/domain# > nslookup > > > > > > > >> 2) From server B: > > > >> # nslookup > > > >>> www.nyc.gov > > > >> ;; connection timed out; no servers could be reached > > > > > > > >> 3) Both servers run bind-9.7.2-P2 > > > > > > > >> Can any one help? _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
