> On 12 Mar 2024, at 13:36, Mark Andrews <ma...@isc.org> wrote:
> 
> Have you disabled EDNS to these servers in named.conf?  DNSSEC responses are 
> only returned
> if DO=1 is set in the request.  Named can learn that a server doesn’t support 
> EDNS if it doesn’t
> return EDNS responses consistently to EDNS requests.  If that happens named 
> will send plain DNS
> requests.

Gosh. YESSS!!

I had added those four DNS servers due to some nonsense with eset.com 
<http://eset.com/>, the AV company. I will review that. 

I had to do that in the past because of authoritative servers that simply do 
not answer (some braindead firewall
involved, probably) to EDNS options or cookies. 


Thank you!




Borja.

Attachment: signature.asc
Description: Message signed with OpenPGP

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to