Hi there, On Sun, 16 Jun 2019, Mark Andrews wrote:
The servers for this zone are broken, they do not respond to queries with DNS COOKIE options present. You can add server options to named.conf to work around this while Barclays fix their servers / firewalls. Modern recursive servers are no longer working around broken servers that do not respond to queries. See DNS flag day. It looks like Barclays ignored the messages.
They have some history of ignoring messages: $ whois barclays.com | grep DNSSEC DNSSEC: unsigned -- 73, Ged. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users