On Thu, Jun 08, 2023 at 07:57:12PM +0000, Evan Hunt wrote:
> So, I'm guessing systemd-resolved is choking on the EDNS COOKIE option.
> This needs to be reported as a bug to the systemd maintainers. And, maybe
> delv should have a +nocookie option.

Hmm, on further inspection, I was wrong about this - the COOKIE isn't the problem. It seems to be sending back NOTIMP if you specify the CD and DO bits (i.e., +cd and +dnssec) in the same query.

I had added the +cd flag to the query because I was seeing SERVFAIL on a query for the .org DS record. I guessed that this was caused by an upstream validation problem, and I may have been right about that, but we can't bypass it with +cd because of this NOTIMP bug.

So... I'm not sure what the specific problem is now, but the general problem does appear to be systemd-resolved.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
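The two bits named in the message live in different parts of a DNS query: CD is a header flag, DO is carried in the EDNS OPT record. The following is an added example, not part of the original post and not BIND code, that builds a DS query with both bits and decodes a reply's RCODE; all function names are hypothetical, and the NOTIMP reply is constructed for illustration rather than captured from systemd-resolved.

```python
import socket
import struct

RD_FLAG, CD_FLAG = 0x0100, 0x0010   # header flag bits (recursion desired, checking disabled)
DO_FLAG = 0x8000                    # DNSSEC OK: top bit of the flags half of the OPT TTL field
TYPE_DS, TYPE_OPT, CLASS_IN = 43, 41, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 4: "NOTIMP"}

def build_query(name, qtype, cd=False, do=False, qid=0x1234, bufsize=1232):
    """Wire-format query with one question and one EDNS OPT record."""
    flags = RD_FLAG | (CD_FLAG if cd else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, CLASS_IN)
    # OPT: root owner, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, DO_FLAG if do else 0, 0)
    return header + question + opt

def describe(msg):
    """Return (cd, do, rcode). do is None when the OPT record is not parsed: this
    sketch only walks messages with one question and empty answer/authority."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    cd, do, ext = bool(flags & CD_FLAG), None, 0
    if qd == 1 and not an and not ns:
        pos = 12
        while msg[pos]:               # skip the uncompressed question name
            pos += 1 + msg[pos]
        pos += 5                      # root label + QTYPE + QCLASS
        do = False
        if ar and msg[pos:pos + 1] == b"\x00":
            rtype, _size, ttl = struct.unpack("!HHI", msg[pos + 1:pos + 9])
            if rtype == TYPE_OPT:
                do, ext = bool(ttl & DO_FLAG), ttl >> 24
    rcode = (ext << 4) | (flags & 0xF)
    return cd, do, RCODES.get(rcode, str(rcode))

def constructed_notimp_reply(query):
    """Constructed sample reply: echoes the query with QR and RA set and RCODE=4."""
    qid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", qid, flags | 0x8000 | 0x0080 | 4) + query[4:]

def ask(server, query, timeout=3.0):
    """Send the query over UDP to a resolver address supplied by the caller."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recv(4096)
```

Comparing `describe(ask(server, q))` for queries built with `cd` only, `do` only, and both shows whether a given resolver rejects only the combination.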