DNSSEC and time.nist.gov

I've noticed a spike of ServFail responses on our caching resolvers due to some DNSSEC issues on time.nist.gov (CNAME to ntp1.glb.nist.gov). If anyone of you guys has a direct contact would you be so kind and notify them... http://dnsviz.net/d/time.nist.gov/dnssec/ -- BR, Rok

Re: problems resolving domains unser NSxx.DOMAINCONTROL.COM - this problem i have too! :(((((

On 22.6.2010 2:16, Mark Andrews wrote: I suspect that your firewall is dropping replies to EDNS queries that *don't* include the OPT record (i.e. they are plain DNS not EDNS responses). Note that there was no OPT record in the reply. I hardly think that my firewall configuration is faulty bec

Re: problems resolving domains unser NSxx.DOMAINCONTROL.COM - this problem i have too! :(((((

Anyway.. I found out what the problem is... they don't reply to dnssec enabled requests... $ dig +short @ns33.domaincontrol.com. replacementservices.com. 72.32.12.235 $ dig +short +dnssec @ns33.domaincontrol.com. replacementservices.com. ;; connection timed out; no servers could be reached wan

problems resolving domains unser NSxx.DOMAINCONTROL.COM

I'm using bind 9.7.0-p2 as an authoritive/caching server on a couple of servers and lately I'm noticing that we're having problems resolving domains under *.domaincontrol.com servers. The query itself is sent out (as the tcpdump output down below shows) but only a couple of replies get back. In