cannot resolve from domain

Cricket Liu cricket at
Fri Feb 3 23:01:48 UTC 2012

On Feb 3, 2012, at 9:53 AM, Cricket Liu wrote:

> On Feb 3, 2012, at 7:25 AM, Bill Owens wrote:
>> On Fri, Feb 03, 2012 at 10:04:19AM -0500, Lear, Karen (Evolver) wrote:
>>> Who would be responsible for opening a trouble report to GoDaddy?  I don't understand exactly what the problem is here.
>> It looks, from the outside, as though the Oppedahl Patent Law Firm LLC uses GoDaddy for DNS registration, DNS server hosting, and web server hosting. They're also DNSSEC-signing their domain (for which they should be praised ;)
>> The GoDaddy DNS servers are distributed around the network in various colocation sites, and reachable by IP anycast, which means that a number of different hosts will answer queries as if they were '', they are all reachable over the same IP address, and normal IP routing takes your DNS queries to the closest one. When I query for, I use servers in Chicago and they work fine. When you're trying to query for, you're likely using the same Washington, DC area server that Florian was using, and it is broken; it doesn't respond to queries that use EDNS0, and therefore can't handle DNSSEC. 
> This is consistent with something I noticed earlier:  DNSViz validates's chain of trust without a problem, but Verisign Labs' DNSSEC Debugger reports no response from's name servers.  DNSViz is hosted by Sandia, presumably in New Mexico, while Verisign Labs is in the D.C. area.
> Running an anycast instance that doesn't support EDNS0, though?  Yeesh!

A brief update:  Go Daddy says they've checked and it's not their fault, that their East Coast name servers do support EDNS0, but Verisign's DNSSEC Debugger is now magically not spewing errors when I test
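
The symptom discussed in this thread, a name server instance that answers plain DNS queries but not EDNS0 ones, can be checked per server by sending both kinds of probe and comparing the replies. The following is an added example, not code from the thread's participants; it builds and classifies the packets offline, and `example.com`, `diagnose` and `fake_reply` are names assumed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=48, edns=True, qid=0x1234, bufsize=4096):
    """DNS query (default DNSKEY); edns=True appends an OPT RR with DO set."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = ext-rcode | version | flags (DO = 0x8000), RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000, 0) if edns else b""
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def has_opt(reply):
    """True if any record in the reply is an OPT RR (TYPE 41)."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(reply, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        if rtype == 41:
            return True
        off += 10 + rdlen
    return False

def diagnose(plain_reply, edns_reply):
    """Classify one server from its replies (None = timed out) to both probes."""
    if edns_reply is None:
        return "drops EDNS0 queries" if plain_reply is not None else "unreachable"
    return "EDNS0 supported" if has_opt(edns_reply) else "answers but ignores EDNS0"

def fake_reply(query):
    """Constructed stand-in for a server reply: the query echoed with QR set."""
    return query[:2] + bytes([query[2] | 0x80]) + query[3:]
```

Because anycast routes each client to a different instance, the two probes have to be sent from the network location that sees the failure; a result from elsewhere says nothing about the affected instance.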


More information about the bind-users mailing list