On 8/18/20 5:55 PM, Mark Andrews wrote: > If you are getting RST responses check your firewall settings. RST is often > forged > when TCP is blocked. The root servers normally accept TCP connections. > > % dig +tcp gmail.com @a.root-servers.net +dnssec
Bingo. This query failed before adding a rule to the upstream firewall to allow outbound queries, and works now. Thanks! dn _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users