Hi again, Never mind. It wasn't the difference between versions. It was that the 9.10.3 server was forwarding all queries to my ISP's DNS servers which are not functioning well. They can't even resolve ietf.org at the moment. When forwarding to 8.8.8.8 instead, it behaves the same as the 9.11.5 server that's doing its own resolving. Apologies for the noise.
cheers, raf On Fri, Aug 06, 2021 at 11:56:06AM +1000, raf <b...@raf.org> wrote: > Hi, > > Firstly, I'd like to thank everyone involved with making bind. > I'm used to using old versions (9.10.3 on an old ubuntu host) > and (9.11.5 on debian-10 stable). And just as I'm about to start > using DNSSEC for my domains, debian-11 stable is about to come > out in a few days with bind-9.16.15 which will make DNSSEC so > much easier than I was expecting. Thanks again. > > Now to my question. I've seen an odd difference in behaviour > between 9.10.3 and 9.11.5 relating to DNSSEC, and I was wondering > if anyone knows the reason. > > With both servers configured with "dnssec-validation auto", > 9.10.3 won't resolve tools.ietf.org or datatracker.ietf.org, > but 9.11.5 will resolve them. 9.10.3 will only resolve them > without "dnssec-validation auto". Below is some dig output. > > Any thoughts? > > cheers, > raf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users