Thanks Greg and Ondrej, Many thanks for the pointer to DNS Cookies in BIND 9 (isc.org) https://kb.isc.org/docs/aa-01387
I have used https://ednscomp.isc.org/ednscomp/1ba42afa27 to check if they are compliant, but the answer is ambiguous: EDNS Compliance Tester Checking: 'sour.woinsta.com' as at 2022-05-04T13:45:39Z sour.woinsta.com.: NS lookup failed Codes * ok - test passed. Anyway, from what you have seen you are suspecting that the problem is on the woinsta.com side and not on our side ? The following indeed indicates a problem related to cookies: dig @ns1.thednscloud.com. +nocookie sour.woinsta.com A +short 23.82.12.29 while dig @ns1.thednscloud.com. +cookie sour.woinsta.com A +short ; <<>> DiG 9.11.36 <<>> @ns1.thednscloud.com. +cookie sour.woinsta.com A +short ; (2 servers found) ;; global options: +cmd ;; connection timed out; no servers could be reached I will try send-cookie no for that server to confirm it is the source of the issue. Cheers, Veronique > On 04/05/2022 14:34 Greg Choules <gregchoules+bindus...@googlemail.com> wrote: > > > Hi Veronique. > Every DNS server should support EDNS by now. It has been around for a very > long time. Even if it doesn't support EDNS it should ignore it. > > I made some test queries and packet captures to 23.82.12.28. Whatever this > box is, please talk to the manufacturer about EDNS support. > Or.. it may be that some network infrastructure - firewalls are usually the > first place to look - is blocking this traffic. > > Whatever is happening at the authoritative end, it needs to be fixed. All > modern recursive servers will use EDNS. > > Cheers, Greg >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users