unable to resolve *.irs.gov at local bind 9.12.0 server ?
PGNet Dev
pgnet.dev at gmail.com
Sat Jan 27 22:28:31 UTC 2018
On 1/27/18 1:36 PM, Rob Sargent wrote:
> Just for grins, try adding these lines to your named.conf file [within the appropriate view] to see if that fixes it. I had to add something like it to get usitc.gov working for my customers:
>
> server 152.216.7.164 { send-cookie no; }; # ns1.irs.gov
> server 152.216.7.165 { send-cookie no; }; # ns2.irs.gov
> server 152.216.11.132 { send-cookie no; }; # ns3.irs.gov
> server 152.216.11.133 { send-cookie no; }; # ns4.irs.gov
>
> or whatever IP is failing. Not sure if your port 53 traffic goes thru QWest but QWest is well known to be broken.
That did the trick! All of *irs.gov now resolve at my server.
Re: "well known", alas, not by me 'til now. So thx!
It appears, then, that the set of servers in my tests are all
'sensitive' to said brokenness. I suppose if it's actual breakage,
that's a good thing ...
Not clear to be why/how the 'big' NSs, e.g. Google, manage to avoid the
problem. Either they're INsensitive to the issue, or already have
implemented a similar workaround?
Also, if it's well known wouldn't a QWest have been given notice of said
probs? Or are they in the DGAD camp?
More information about the bind-users
mailing list