This is the problem:
https://lists.isc.org/mailman/htdig/bind-users/2024-April/108469.html
Not a new problem.
https://lists.isc.org/mailman/htdig/bind-users/2018-May/100229.html
On Tue, Dec 17, 2024 at 12:19 PM Ondřej Surý wrote:
> Crosscheck this with DNSSEC Debugger from Verisign:
>
> dnss
Crosscheck this with DNSSEC Debugger from Verisign:
https://dnssec-analyzer.verisignlabs.com/extranet.aro.army.mil
 No DS records found for akamai.csd.disa.mil in the csd.disa.mil zone
 All Queries to dns3.akamai.csd.disa.mil for akamai.csd.disa.mil/DNSKEY
timed out or failed

disa.mil servers are timing out on me over IPv6:
$ dig IN NS gcds.disa.mil. @DNS1.DISA.MIL.
;; communications error to 2608:125:0:1811:1001:9012:f00:20#53: timed out
;; communications error to 2608:125:0:1811:1001:9012:f00:20#53: timed out
;; communications error to 2608:125:0:1811:1001:9012:f00:2
I have a user who is unsuccessfully trying to resolve ‘extranet.aro.army.mil’
using our BIND resolvers. The query is failing with a 'shut down hung fetch
while resolving’ error message with some DNSSEC warning as well. The name
resolves without issue querying other external resolvers and also
4 matches
Mail list logo
