> On 12 Mar 2024, at 13:36, Mark Andrews <ma...@isc.org> wrote: > > Have you disabled EDNS to these servers in named.conf? DNSSEC responses are > only returned > if DO=1 is set in the request. Named can learn that a server doesn’t support > EDNS if it doesn’t > return EDNS responses consistently to EDNS requests. If that happens named > will send plain DNS > requests.
Gosh. YESSS!! I had added those four DNS servers due to some nonsense with eset.com <http://eset.com/>, the AV company. I will review that. I had to do that in the past because of authoritative servers that simply do not answer (some braindead firewall involved, probably) to EDNS options or cookies. Thank you! Borja.
signature.asc
Description: Message signed with OpenPGP
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users