Re: Facing issues while resolving only one record

Yes, bypassing DNSSEC Validation seems to have a solution. Thanks for the help. On Wed, Aug 30, 2023 at 7:30 PM Bhangui, Sandeep - BLS CTR via bind-users < bind-users@lists.isc.org> wrote: > This seems to be an issue with the domain incometax.gov.in. > > > > DNSSEC looks like is broken for that

Re: Recursive client query rate-limiting

Hi Ben. In short, kinda. "recursive-clients" limits the overall number of concurrent recursive queries the server will handle. For each of those queries there is also "clients-per-query", which limits the number of different sources all asking the same question at the same time. This is so that,

Re: Facing issues while resolving only one record

This is why I try to read this list every day... Thanks Mark. I need to go back to RTFM (or read the man page) -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at

Recursive client query rate-limiting

Hi, Is there a BIND configuration option that would limit the number of recursive client buffers/structures that any single client can consume on a BIND server at a time? I.e., any single client could only consume (say) 10 recursive client buffers at a time, and if the client sends another

Re: Facing issues while resolving only one record

To disable DNSSEC validation for a domain from the command line - I use:   dig +cd eportal.incometax.gov.in Works as expected. Better answer is to get them to fix the problem. On 2023/08/30 17:08, Bob McDonald wrote: Turning off validation for that domain

Re: Facing issues while resolving only one record

Turning off validation for that domain fixes the issue. When using dig to diagnose this issue, one might be tempted to use the DNSSEC switch. However, the following command: dig eportal.incometax.gov.in. +NODNSSEC will NOT turn off DNSSEC validation. The DNSSEC switch in dig is used to display

RE: Facing issues while resolving only one record

This seems to be an issue with the domain incometax.gov.in. DNSSEC looks like is broken for that domain. NS servers at our location also cannot resolve that directly but if I forward that query to any ISP provider NS which are more lax it resolves just fine. Thanks Sandeep From: bind-users

Re: Facing issues while resolving only one record

Hi Blason. "incometax.gov.in" is a domain known to cause problems. Take a binary packet capture and look at it in Wireshark. Also see this https://dnsviz.net/d/incometax.gov.in/dnssec/ A workaround in BIND is to disable DNSSEC validation for just that domain whilst leaving it on generally: see

RE: Facing issues while resolving only one record

Recommend you turn off DNSSEC validation and see if it starts working. If it does, then you know the issue is with how DNSSEC is configured on your server. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Blason R Sent: Wednesday, August 30, 2023 8:20 AM To:

Facing issues while resolving only one record

Hi all, I have bind BIND 9.18.17-1+ubuntu22.04.1+isc+1-Ubuntu (Extended Support Version) And I am facing this weird issue. Somehow eportal.incometax.gov.in site is not getting resolved through DNS. I tried a lot but unfortunately the issue still persists. Here are packet capture logs.