On Sat, Jul 29, 2017 at 12:19:11AM -0400, Charles Sprickman wrote:
> Here’s a few things I’ve tried:
>
> - Verify with DNSVIZ: http://dnsviz.net/d/dot.nyc.gov/dnssec/
> - Update PowerDNS to powerdns-recursor-4.0.6
> - Remove “scrub” rules from pf configuration
> - Change pf rules to be stateless
> - Look for denied traffic by running tcpdump against pflog device while
> performing query
> - Checked record by querying BIND on same host
> - Checked record elsewhere (successful)
Thank you for specifying this in so much detail, very appreciated.
>
> Any ideas where to start with this? Anyone else seeing the same issue with
> this record?
We have not heard of this. What we recommend is to enable 'trace' or if that
is too much, 'trace-regex' for dot.nyc.gov. This will give a ton of detail
on what is going on.
We can then find out the problem for you, or perhaps you see it already.
Good luck and let us know!
Bert
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
