In message <[email protected]>, MKS writes:
> Hi
>
> We (a small ISP in the middle of nowhere) are having problems
> resolving DNSsec records from godaddy.
>
> This command works just fine
> # dig @ns52.domaincontrol.com loomus.com
>
> but this doesn't
> # dig @ns52.domaincontrol.com +dnssec loomus.com
> We don't receive the reply to the query.
>
> and no, this isn't a packet size issue, the reply for the second
> command is 124 bytes, and the host isn't behind a firewall.
>
> So the same commands work just fine outside our network, and we are
> only having problems with nsxx.domaincontrol.com
> As far as I can see, when enabling +dnssec the EDNS option is
> activated and this is added in the dns query "OPT UDPsize=4096 OK"
>
> I have also tried
> # dig @ns52.domaincontrol.com +dnssec +bufsize=512 loomus.com
> without any success.
>
>
> Does someone have any brilliant suggestions?
> Please contact me on or off list
>
> Regards
> MKS
The server isn't even EDNS aware. I suspect your firewall doesn't
like a plain DNS response to an EDNS query.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
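
Added example, not part of the thread and not ISC code: a sketch that checks captured DNS messages for the pairing the reply describes, a query carrying an EDNS OPT record answered by a reply without one. The function names, the message ID and the reply bytes (with documentation address 192.0.2.1) are constructed for illustration.

```python
import struct

OPT = 41  # EDNS0 pseudo-RR type (RFC 6891)

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, msg_id=0x1234, edns=True, do=True, bufsize=4096):
    """A/IN query; with edns=True it carries the OPT RR that dig +dnssec adds."""
    msg = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)
    if edns:
        # OPT RR: root name, CLASS = UDP payload size, TTL carries the DO flag
        msg += b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0x8000 if do else 0, 0)
    return msg

def constructed_plain_reply(name, msg_id=0x1234):
    """Constructed sample: an authoritative answer with no OPT record."""
    header = struct.pack("!HHHHHH", msg_id, 0x8400, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def find_opt(msg):
    """Return (udp_size, do_bit) from the OPT RR in msg, or None if absent."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass, bool(ttl & 0x8000)
        off += 10 + rdlen
    return None

def classify(query, reply):
    """Name the query/reply pairing with respect to EDNS."""
    q, r = find_opt(query), find_opt(reply)
    if q is not None and r is None:
        return "plain reply to EDNS query"
    return "EDNS reply" if q is not None else "plain exchange"
```

Feeding it the UDP payloads of a query and reply captured at a host outside the affected network, and then the same query captured inside it, shows whether the plain reply is leaving the server but not arriving.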

