On 1/27/18 2:47 PM, Rob Sargent wrote:
> you should probably also add these so usitc.gov and sss.gov won’t fail if
> they fail for you:
>
> server 63.150.72.5 { send-cookie no; }; # sauthns1.qwest.net
> server 208.44.130.121 { send-cookie no; }; # sauthns2.qwest.net.
Done, thx.
> I prefer cycling to fixing all the brokenness with anything gov[ernment]. In
> my younger years I’d take them on and try to help them. I suspect it has
> something to do with UDP tunneling because it wouldn’t work via my IPSEC link
> but worked fine out my fibre DSL link. The above work around fixed it for me
> WRT usitc.gov.
>
> I just tried removing all the server no-cookie lines from my config and I
> couldn’t get to usitc.gov but no problem with irs.gov, go figure. Anyhow as
> soon as you said SERVFAIL and QWest, it clicked in my mind. I wonder if the
> IRS contracted out their DNS server ops to QWest? Anyhow, have fun!
It's working, but I'm still seeing some strangeness ...
I apparently need to add the server clauses to BOTH my 'internal' & 'external'
view. Just one, or the other, doesn't do the trick.
I need to scratch my head a bit more about that one :-/
Also, even though it now 'works', it does so only AFTER I now see a couple of
these timeouts in logs:
Jan 27 15:02:08 core named[18703]: 27-Jan-2018 15:02:08.897 client: error:
query client=0x7fc0f80eb4a0 thread=0x7fc100313700 (irs.gov/A): query_gotanswer:
unexpected error: timed out
Jan 27 15:02:08 core named[18703]: 27-Jan-2018 15:02:08.898 client: error:
query client=0x7fc0f0066c30 thread=0x7fc0ffb12700 (irs.gov/AAAA):
query_gotanswer: unexpected error: timed out
I've got no other timeouts in logs that I've found, so something unique to
these again?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
