Josh - are you using Cisco firewalls? We've seen problems resolving other .gov sites due to EDNS/DNSSEC requests being truncated by "dns inspect size" set to 512 bytes (out-of-box conf). Changing to 4k yielded good results and fixed those problems without other operational impact.
Chris Faehl Director, Cloud Architecture RightNow Technologies On 1/19/12 12:39 PM, "Baird, Josh" <jba...@follett.com> wrote: >Ugly fix, but it does work. I already had that in place as a "band-aid" >anyways. > >Josh > >-----Original Message----- >From: wbr...@e1b.org [mailto:wbr...@e1b.org] >Sent: Thursday, January 19, 2012 2:36 PM >To: Baird, Josh >Cc: bind-users@lists.isc.org >Subject: Re: Problem with ed.gov > >Josh wrote on 01/19/2012 02:06:05 PM: > >> My resolvers seem to be having problems resolving ed.gov hosts. >Others >> have reported similar problems, but I am having trouble figuring out >> where the problem lies. Some other resolvers seem to be resolving >> ed.gov correctly. I am able to query their authoritative servers >> directly from the same network where my resolvers are located. But, >my >> resolvers are not able to recurse to them. > >[snip]> >> Is anyone else having problems? Can you spot anything that could be >> preventing my/our resolvers to successfully query this? >> > >Years ago, we had problems with ed.gov. We added the following to our >config on 2009-08-11 to forward to their name servers: > >zone "ed.gov" { > type forward; > forwarders { 148.9.101.50; 148.9.101.52; 160.109.63.185; >160.109.63.186; > }; >}; > >Ugly fix? You bet! But the problems went away... > >IIRC, we did network sniffs at the perimeter and a bunch of other >troubleshooting to no avail. > > > >Confidentiality Notice: >This electronic message and any attachments may contain confidential or >privileged information, and is intended only for the individual or >entity >identified above as the addressee. If you are not the addressee (or the >employee or agent responsible to deliver it to the addressee), or if >this >message has been addressed to you in error, you are hereby notified that > >you may not copy, forward, disclose or use any part of this message or >any >attachments. Please notify the sender immediately by return e-mail or >telephone and delete this message from your system. >_______________________________________________ >Please visit https://lists.isc.org/mailman/listinfo/bind-users to >unsubscribe from this list > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
