Problem with ed.gov

Faehl, Chris cfaehl at rightnow.com
Thu Jan 19 20:34:09 UTC 2012


Josh - are you using Cisco firewalls? We've seen problems resolving other
.gov sites due to EDNS/DNSSEC requests being truncated by "dns inspect
size" set to 512 bytes (out-of-box conf). Changing to 4k yielded good
results and fixed those problems without other operational impact.

Chris Faehl
Director, Cloud Architecture
RightNow Technologies

On 1/19/12 12:39 PM, "Baird, Josh" <jbaird at follett.com> wrote:

>Ugly fix, but it does work.  I already had that in place as a "band-aid"
>anyways.
>
>Josh
>
>-----Original Message-----
>From: WBrown at e1b.org [mailto:WBrown at e1b.org]
>Sent: Thursday, January 19, 2012 2:36 PM
>To: Baird, Josh
>Cc: bind-users at lists.isc.org
>Subject: Re: Problem with ed.gov
>
>Josh wrote on 01/19/2012 02:06:05 PM:
>
>> My resolvers seem to be having problems resolving ed.gov hosts.
>Others
>> have reported similar problems, but I am having trouble figuring out
>> where the problem lies.  Some other resolvers seem to be resolving
>> ed.gov correctly.  I am able to query their authoritative servers
>> directly from the same network where my resolvers are located.  But,
>my
>> resolvers are not able to recurse to them.
>
>[snip]> 
>> Is anyone else having problems?  Can you spot anything that could be
>> preventing my/our resolvers to successfully query this?
>> 
>
>Years ago, we had problems with ed.gov.  We added the following to our
>config on 2009-08-11 to forward to their name servers:
>
>zone "ed.gov" {
>        type forward;
>        forwarders { 148.9.101.50; 148.9.101.52; 160.109.63.185;
>160.109.63.186;
>  };
>};
>
>Ugly fix? You bet!  But the problems went away...
>
>IIRC, we did network sniffs at the perimeter and a bunch of other
>troubleshooting to no avail.
>
>
>
>Confidentiality Notice:
>This electronic message and any attachments may contain confidential or
>privileged information, and is intended only for the individual or
>entity 
>identified above as the addressee. If you are not the addressee (or the
>employee or agent responsible to deliver it to the addressee), or if
>this 
>message has been addressed to you in error, you are hereby notified that
>
>you may not copy, forward, disclose or use any part of this message or
>any 
>attachments. Please notify the sender immediately by return e-mail or
>telephone and delete this message from your system.
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users




More information about the bind-users mailing list