ORG uses NSEC3 rather than NSEC. It would be interesting
to see if you can get responses from .SE or not with the
setting enabled. SE uses NSEC which has been around years
longer than NSEC3.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 211
ot;network unreachable resolving"
are very usual in the named logs.
Note: The same behaviour with other .org domains.
Thank you.
> Date: Wed, 3 Jun 2009 12:18:28 -0500
> From: jr...@isc.org
> To: cut...@hotmail.com
> CC: bind-users@lists.isc.org
> Subject: Re: Problem w
On Wed, 3 Jun 2009, Kevin Darcy wrote:
> Kevin Darcy wrote:
> > Since .org was recently DNSSEC-signed
> > (http://www.afilias.info/afilias+signs+org+zone), my guess would be that you
> > have a firewall, an intrusion-prevention device, or somesuch, that is
> > dropping the packets because it doesn
Never mind, reading that press release more deeply, it looks like
they're in a _limited_ testing phase right now. Shouldn't affect you
directly.
Possibly they're having problems with their testing that might have
indirect effect on resolvability.
Since .org was recently DNSSEC-signed
(http://www.afilias.info/afilias+signs+org+zone), my guess would be that
you have a firewall, an intrusion-prevention device, or somesuch, that
is dropping the packets because it doesn't understand the DNSSEC records
contained in them.
Hello.
In my company we have a name server BIND 9.6 running on RedHat 4.7 ES. We've
realized it don't resolve any
.org domain. For example:
[r...@dnsint ~]# nslookup www.mirrorservice.org 10.20.29.22
;; connection timed out; no servers could be reached
[r...@dnsint ~]# nslookup www.madrid.org
6 matches
Mail list logo
