On 09.04.18 09:59, Benoit Panizzon wrote: > Hi List > > [...] > Our two main caching DNS Servers run bind 9.11.2-P1, after flushing > the cache and even restarting still see an issue with this domain: > [...] > Doing the same test via a 9.10.3-P4-Debian with Validation enabled, > works fine. >
The most likely reason: Bind 9.11 enables EDNS cookies by default, but the authoritative servers for this domain do not handle EDNS correctly: https://ednscomp.isc.org/ednscomp/b01039e111 quick fix: server NSNAME { send-cookie no; }; Btw: Currently, many resolvers implement workarounds for such broken nameservers, but several open-source resolver implementations agreed on removing these workarounds next year, so the affected nameservers will have to be fixed. https://blog.powerdns.com/2018/03/22/removing-edns-workarounds/ _______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
