unable to resolve *.irs.gov at local bind 9.12.0 server ?

PGNet Dev pgnet.dev at gmail.com
Sat Jan 27 22:28:31 UTC 2018

On 1/27/18 1:36 PM, Rob Sargent wrote:
> Just for grins, try adding these lines to your named.conf file [within the appropriate view] to see if that fixes it.  I had to add something like it to get usitc.gov working for my customers:
>         server { send-cookie no; }; # ns1.irs.gov
>         server { send-cookie no; }; # ns2.irs.gov
>         server { send-cookie no; }; # ns3.irs.gov
>         server { send-cookie no; }; # ns4.irs.gov
> or whatever IP is failing.  Not sure if your port 53 traffic goes thru QWest but QWest is well known to be broken.

That did the trick!  All of *irs.gov now resolve at my server.

Re: "well known", alas, not by me 'til now.  So thx!

It appears, then, that the set of servers in my tests are all 
'sensitive' to said brokenness.  I suppose if it's actual breakage, 
that's a good thing ...

Not clear to be why/how the 'big' NSs, e.g. Google, manage to avoid the 
problem.  Either they're INsensitive to the issue, or already have 
implemented a similar workaround?

Also, if it's well known wouldn't a QWest have been given notice of said 
probs?  Or are they in the DGAD camp?

More information about the bind-users mailing list