I re-ran the dig to localhost (running bind 9.10.0-P2), and grabbed the packets with tcpdump.

    dig ardownload.adobe.com. @localhost

That sent a query to 192.150.19.247 with flags = 0, edns size = 512, and got an NXDOMAIN answer. So I tried to reproduce that query with dig:

    dig ardownload.wip4.adobe.com a @192.150.19.247 +dnssec +norecur +noadflag +bufsize=512

According to tcpdump, that sent the same query, but it got the cname answer.

The outgoing query from the local bind-9.10.0-P2 contains an extra 12 bytes of data in the OPT record, after the Z field containing the DO bit. This version of bind was compiled with --enable-sit.

It seems that the adobe servers choke on that.
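An added example, not part of the original message: a small Python parser that pulls the OPT record out of a captured DNS query and lists its EDNS options, so two queries like the ones compared above can be diffed field by field. The sample packets are constructed, and the option layout (code 65001, one 8-byte value behind a 4-byte option header, 12 bytes in total) is an assumption about what the extra data looks like.

```python
import struct

def build_query(name, edns_options=b"", udp_size=512, do=True):
    """Constructed A query (flags = 0) carrying one OPT record, RFC 6891 layout."""
    header = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)            # type A, class IN
    ttl = 0x8000 if do else 0                              # Z field, DO is the top bit
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, ttl, len(edns_options))
    return header + question + opt + edns_options

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                               # compression pointer
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return UDP size, DO bit, RDATA length and options of the OPT record."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                      # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 41:                                    # OPT pseudo-record
            opts, p = [], 0
            while p + 4 <= len(rdata):
                code, length = struct.unpack("!HH", rdata[p:p + 4])
                opts.append((code, rdata[p + 4:p + 4 + length]))
                p += 4 + length
            return {"udp_size": rclass, "do": bool(ttl & 0x8000),
                    "rdlen": rdlen, "options": opts}
    return None

# Constructed samples: the dig-style query and one with a 12-byte option added.
PLAIN = build_query("ardownload.wip4.adobe.com")
ASSUMED_OPTION = struct.pack("!HH", 65001, 8) + bytes(range(8))   # assumed layout
WITH_OPTION = build_query("ardownload.wip4.adobe.com", ASSUMED_OPTION)

if __name__ == "__main__":
    for label, pkt in (("plain", PLAIN), ("with option", WITH_OPTION)):
        print(label, len(pkt), edns_info(pkt))
```

Feeding it the UDP payloads from the tcpdump capture instead of the constructed samples shows whether the two queries differ only in the OPT RDATA.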