cannot resolve oppedahl.com from uspto.gov domain

Cricket Liu cricket at infoblox.com
Fri Feb 3 23:01:48 UTC 2012


On Feb 3, 2012, at 9:53 AM, Cricket Liu wrote:

> 
> On Feb 3, 2012, at 7:25 AM, Bill Owens wrote:
> 
>> On Fri, Feb 03, 2012 at 10:04:19AM -0500, Lear, Karen (Evolver) wrote:
>>> Who would be responsible for opening a trouble report to GoDaddy?  I don't understand exactly what the problem is here.
>> 
>> It looks, from the outside, as though the Oppedahl Patent Law Firm LLC uses GoDaddy for DNS registration, DNS server hosting, and web server hosting. They're also DNSSEC-signing their domain (for which they should be praised ;)
>> 
>> The GoDaddy DNS servers are distributed around the network in various colocation sites, and reachable by IP anycast, which means that a number of different hosts will answer queries as if they were 'dns1.oppedahl.com', they are all reachable over the same IP address, and normal IP routing takes your DNS queries to the closest one. When I query for oppedahl.com, I use servers in Chicago and they work fine. When you're trying to query for oppedahl.com, you're likely using the same Washington, DC area server that Florian was using, and it is broken; it doesn't respond to queries that use EDNS0, and therefore can't handle DNSSEC. 
> 
> This is consistent with something I noticed earlier:  DNSViz validates oppedahl.com's chain of trust without a problem, but Verisign Labs' DNSSEC Debugger reports no response from oppedahl.com's name servers.  DNSViz is hosted by Sandia, presumably in New Mexico, while Verisign Labs is in the D.C. area.
> 
> Running an anycast instance that doesn't support EDNS0, though?  Yeesh!

A brief update:  Go Daddy says they've checked and it's not their fault, that their East Coast name servers do support EDNS0, but Verisign's DNSSEC Debugger is now magically not spewing errors when I test oppedahl.com.

cricket
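
The symptom discussed in this thread, a name server instance that answers plain DNS queries but not ones carrying EDNS0, can be checked one server address at a time. The following is an added example, not part of the original message; the function names and result labels are this example's own, and `probe` assumes UDP over IPv4 to port 53.

```python
import socket
import struct

def build_query(name, edns=True, qtype=1, qid=0x1234, udp_size=4096):
    """Build a DNS query; edns=True appends an OPT RR (type 41) with the DO bit set."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, int(edns)) + qname + struct.pack("!HH", qtype, 1)
    if edns:
        # root owner, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags (DO=0x8000), RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000, 0)
    return msg

def skip_name(msg, off):  # returns the offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n == 0 or n & 0xC0 == 0xC0:  # root label or compression pointer ends the name
            return off + (1 if n == 0 else 2)
        off += 1 + n

def classify(resp):
    """Classify a reply to an EDNS0 query: 'edns-ok', 'formerr' or 'no-edns'."""
    _qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    off, has_opt = 12, False
    for _ in range(qd):
        off = skip_name(resp, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(resp, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        has_opt = has_opt or rtype == 41
    return "edns-ok" if has_opt else ("formerr" if flags & 0xF == 1 else "no-edns")

def diagnose(plain_resp, edns_resp):
    """Compare replies to one question sent without and with EDNS0 (None = timed out)."""
    if edns_resp is None:
        return "unreachable" if plain_resp is None else "drops-edns"
    return classify(edns_resp)

def probe(server, name, timeout=3.0):  # sends both query forms to one server address
    replies = []
    for edns in (False, True):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, edns=edns), (server, 53))
            try:
                replies.append(s.recvfrom(4096)[0])
            except socket.timeout:
                replies.append(None)
    return diagnose(*replies)
```

Because the servers are reached by anycast, the result describes only the instance your own network path leads to, so run the probe from the network that sees the failure.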

