Please Help

Kevin Oberman oberman at es.net
Thu Feb 17 21:38:30 UTC 2011


> Date: Thu, 17 Feb 2011 11:45:06 -0500
> From: "Lightner, Jeff" <jlightner at water.com>
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
> 
> IIRC the U.S. Government last year or the year before mandated all their
> sites be DNSSEC compliant by early this year.  Maybe it is just a sign
> they are actually doing it.

Yes, they are. As of the last report I have received, something over 50%
of all .gov zones are now signed with the DS records installed in the
.gov zone. Still quite a ways to go but substantial progress has been
made and people with broken firewall are starting to notice.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751

> -----Original Message-----
> From: bind-users-bounces+jlightner=water.com at lists.isc.org
> [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
> Of Ryan Novosielski
> Sent: Thursday, February 17, 2011 9:54 AM
> To: Xiaoxu Huang
> Cc: bind-users at lists.isc.org
> Subject: Re: Please Help
> 
> Glad to hear it was a help.
> 
> Does anyone happen to know if anything changed for .gov addresses just
> last week? This problem appears to have come out of the clear blue sky
> (not that there wasn't plenty of warning) so I have to assume that
> something was just activated.
> 
> On 02/17/2011 09:47 AM, Xiaoxu Huang wrote:
> > We have checked list archives and our side has increased the allowed
> DNS
> > packet size. Now we are fine to get correct answer for **.gov.
> > 
> > Thanks for help and Best Regards,
> > 
> > Xiao
> > 2/17/2011  
> >   
> > 
> > -----Original Message-----
> > From: bind-users-bounces+xhuang=graphnet.com at lists.isc.org
> > [mailto:bind-users-bounces+xhuang=graphnet.com at lists.isc.org] On
> Behalf Of
> > Ryan Novosielski
> > Sent: Wednesday, February 16, 2011 5:47 PM
> > To: bind-users at lists.isc.org
> > Subject: Re: Please Help
> > 
> > I asked this same question this week. Check the list archives.
> > 
> > On 02/16/2011 05:24 PM, Xiaoxu Huang wrote:
> >> From couple of our DNS servers, we are failed to get correct DNS
> answer
> >> like followings:
> > 
> >> 1) From server A
> > 
> >> # nslookup
> > 
> >> Default Server:  localhost
> > 
> >> Address:  127.0.0.1
> > 
> > 
> > 
> >>> www.nyc.gov
> > 
> >> Server:  localhost
> > 
> >> Address:  127.0.0.1
> > 
> > 
> > 
> >> *** localhost can't find www.nyc.gov: Non-existent host/domain#
> nslookup
> > 
> > 
> > 
> >> 2) From server B:
> > 
> >> # nslookup
> > 
> >>> www.nyc.gov
> > 
> >> ;; connection timed out; no servers could be reached
> > 
> > 
> > 
> >> 3) Both servers run bind-9.7.2-P2
> > 
> > 
> > 
> >> Can any one help?



More information about the bind-users mailing list