I don't disagree with what you say about nameserver diversity but don't feel 
that is the issue here and is missing the point in my question.

I'd already eliminated "lookup" of the DNS servers by going straight to the IP 
they share.

Connections from locations outside our network to that IP port 53 and 
traceroute to that IP work (as they apparently did for both of you).  

Connections outbound from our QTS IPs also work.

It is only connections outbound from our AT&T IPs that seem to fail.    

This makes it look like the issue is specifically something to do with AT&T 
IPs. There have been no attempts I've made that failed anywhere except from 
the AT&T IPs. If it were some temporary "down" of their IP causing a timeout 
then going to the second name server, I'd expect that to affect the non-AT&T 
outbound IPs or external lookups as well, but as I said I'm not seeing it 
anywhere else.

When we do traceroute we are seeing multiple hops either way, but once we get to 
the same hop on both, the QTS-based IPs proceed to the name server and the 
AT&T-based IPs do not. Since paths either way do multiple hops outside our 
network, it appears it isn't our network that is the issue but something with 
AT&T.

I'd sent more detail but the mailing list as usual said "your message awaits 
moderator approval" because it is too large.  I've never yet seen any such 
moderator approval email either approved or denied in the past so doubt I'll 
see it this time.


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
