Re: DNSSEC validation failures for www.hrsa.gov

In message , Jay Ford writes: > On Sat, 25 Jun 2016, Mark Andrews wrote: > > The servers for webfarm.dr.hrsa.gov are not EDNS and DNSSEC compliant. > > They are returning FORMERR to queries with EDNS options. Unknown > > EDNS options are supposed to be ignored (RFC 6891). > > > > You can workaro

Re: Re: DNSSEC validation failures for www.hrsa.gov

On 24-Jun-16 22:13, Jay Ford wrote: > On Sat, 25 Jun 2016, Mark Andrews wrote: >> The servers for webfarm.dr.hrsa.gov are not EDNS and DNSSEC compliant. >> They are returning FORMERR to queries with EDNS options. Unknown >> EDNS options are supposed to be ignored (RFC 6891). >> >> You can workaro

Re: DNSSEC validation failures for www.hrsa.gov

On Sat, 25 Jun 2016, Mark Andrews wrote: The servers for webfarm.dr.hrsa.gov are not EDNS and DNSSEC compliant. They are returning FORMERR to queries with EDNS options. Unknown EDNS options are supposed to be ignored (RFC 6891). You can workaround this with a server clause to disable sending th

Re: DNSSEC validation failures for www.hrsa.gov

The servers for webfarm.dr.hrsa.gov are not EDNS and DNSSEC compliant. They are returning FORMERR to queries with EDNS options. Unknown EDNS options are supposed to be ignored (RFC 6891). You can workaround this with a server clause to disable sending the cookie option with a server clause. ser

DNSSEC validation failures for www.hrsa.gov

I'm getting DNSSEC validation failures by BIND 9.10.4-P1 for www.hrsa.gov. The pertinent log messages are things like: lame-servers: info: no valid RRSIG resolving 'webfarm.dr.hrsa.gov/DS/IN': 165.112.137.222#53 lame-servers: info: no valid RRSIG resolving 'webfarm.dr.hrsa.gov/DS/IN': 16