On 1/27/18 1:36 PM, Rob Sargent wrote:
Just for grins, try adding these lines to your named.conf file [within the 
appropriate view] to see if that fixes it.  I had to add something like it to 
get usitc.gov working for my customers:

        server 152.216.7.164 { send-cookie no; }; # ns1.irs.gov
        server 152.216.7.165 { send-cookie no; }; # ns2.irs.gov
        server 152.216.11.132 { send-cookie no; }; # ns3.irs.gov
        server 152.216.11.133 { send-cookie no; }; # ns4.irs.gov

or whatever IP is failing.  Not sure if your port 53 traffic goes thru QWest 
but QWest is well known to be broken.

That did the trick!  All of *irs.gov now resolve at my server.

Re: "well known", alas, not by me 'til now.  So thx!

It appears, then, that the set of servers in my tests are all 'sensitive' to said brokenness. I suppose if it's actual breakage, that's a good thing ...

Not clear to me why/how the 'big' NSs, e.g. Google, manage to avoid the problem. Either they're INsensitive to the issue, or already have implemented a similar workaround?

Also, if it's well known wouldn't a QWest have been given notice of said probs? Or are they in the DGAD camp?