On 13/01/15 12:39, Phil Mayers wrote:
On 13/01/15 12:37, Anand Buddhdev wrote:
On 13/01/15 13:27, Phil Mayers wrote:
Just to save anyone else the trouble, I've just found that some of the
GSLB names for *.adobe.com return NXDOMAIN with "nsid" options present:
It's not just NSID. They're responding with NXDOMAIN if you send any
EDNS option they don't understand, so it's the same with the EXPIRE and
SUBNET options as well.
Yeah, I just found that. Turns out we're getting caught out because we
have "sit" enabled (accidentally).
This must be recent(-ish) though; we've been on 9.10 since December and
only just had the report.
Just found another; dns{0,1}.getsurfed.com are returning crazy error
codes with "nsid" (and presumably other) edns options:
# dig +norec +nsid @213.162.97.177 www.london-nano.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: ?17, id: 21450
Sigh...
I'd advise strongly against people enabling "sit" in 9.10 right now...
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
