Good thought but no luck, it doesn’t matter how many times I run “dig txt rs.dns-oarc.net” or how long I wait it continues to SERVFAIL until I run "dig txt rs.dns-oarc.net +trace" Interestingly I've found that running "dig txt dns-oarc.net +trace" isn't enough to fix it, I actually have to run "dig txt rs.dns-oarc.net +trace" before things start working.
[...] There's an insecure delegation (NS set, and NSEC proving the nonexistence of a DS set) from dns-oarc.net to rs.dns-oarc.net. However, there's disagreement between the parent and child about what name servers actually serve rs.dns-oarc.net, and at least some of them are refusing to answer TCP. It's likely your recursive server is, for whatever reason, being drawn to the ones failing to respond, and not getting good data elsewhere fast enough to answer your query. [...] I agree, from my limited understanding this seems to describe what is happening well. The thing I'm wondering is why? I'm running older visions of named (9.9.4, yum provided RPM on CentOS 6) that seem immune to this issue. I've been digging through release notes and can't find any setting that has changed between the versions that might explain it (I know 9.9.4 to 9.12 is a big jump, so I'm sure I'm missing something) Thank you! -Nick _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
