I have discovered Friday that the following domain used by Barclays bank
in UK doesn't resolve properly - but only on some of my servers running
Bind:
federate-secure.glbaa.barclays.com
It works on a server with v9.12.3, but it fails on a server with v9.11.0
and another one with v9.14.2. Howe
A very quick check from an iPad showed the host resolving fine from a couple of
different recursives. The local one:
Shared from ISC Dig for iOS
; <<>> DiG 9.13.3 <<>> @192.168.0.10 +dnssec +noqr +multiline
federate-secure.glbaa.barclays.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status:
On 16/06/19 09:59, Simon Forster wrote:
A very quick check from an iPad showed the host resolving fine from a couple of
different recursives. The local one:
Shared from ISC Dig for iOS
; <<>> DiG 9.13.3 <<>> @192.168.0.10 +dnssec +noqr +multiline
federate-secure.glbaa.barclays.com
;; Got answ
The servers for this zone are broken, they do not respond to queries with DNS
COOKIE options present. You can add server options to named.conf to work around
this while Barclays fix their servers / firewalls. Modern recursive servers are
no longer working around broken servers that do not respond
Hi there,
On Sun, 16 Jun 2019, Mark Andrews wrote:
The servers for this zone are broken, they do not respond to queries with DNS
COOKIE options present. You can add server options to named.conf to work around
this while Barclays fix their servers / firewalls. Modern recursive servers are
no l
On 16/06/19 12:37, Mark Andrews wrote:
The servers for this zone are broken, they do not respond to queries with DNS
COOKIE options present. You can add server options to named.conf to work around
this while Barclays fix their servers / firewalls. Modern recursive servers are
no longer workin
No. Treating no response as anything other than packet loss leads to lookups
failing when it is packet loss.
Mark
--
Mark Andrews
> On 16 Jun 2019, at 23:10, Sebastian Arcus wrote:
>
>
>> On 16/06/19 12:37, Mark Andrews wrote:
>> The servers for this zone are broken, they do not respond to
On 16/06/19 14:31, Mark Andrews wrote:
No. Treating no response as anything other than packet loss leads to lookups
failing when it is packet loss.
That makes sense - thank you
Mark
-- Mark Andrews
On 16 Jun 2019, at 23:10, Sebastian Arcus wrote:
On 16/06/19 12:37, Mark Andrews wr
A *bank* not using DNSSEC?? Glad I don't have any money there.
On Sun, 16 Jun 2019 14:00:36 +0100 (BST)
"G.W. Haywood via bind-users" wrote:
> Hi there,
>
> On Sun, 16 Jun 2019, Mark Andrews wrote:
>
> > The servers for this zone are broken, they do not respond to
> > queries with DNS COOKI
In article you write:
>A *bank* not using DNSSEC?? Glad I don't have any money there.
Sure they do.
>> They have some history of ignoring messages:
>>
>> $ whois barclays.com | grep DNSSEC
>> DNSSEC: unsigned
That domain is so 20th century.
They have their own vanity domain which is quit
10 matches
Mail list logo
