unable to resolve *.irs.gov at local bind 9.12.0 server ?

PGNet Dev pgnet.dev at gmail.com
Sat Jan 27 23:09:27 UTC 2018

On 1/27/18 2:47 PM, Rob Sargent wrote:
> you should probably also add these so usitc.gov and sss.gov won’t fail if they fail for you:
>          server { send-cookie no; }; # sauthns1.qwest.net
>          server { send-cookie no; }; # sauthns2.qwest.net.

Done, thx.

> I prefer cycling to fixing all the brokenness with anything gov[ernment].  In my younger years I’d take them on and try to help them.  I suspect it has something to do with UDP tunneling because it wouldn’t work via my IPSEC link but worked fine out my fibre DSL link.  The above work around fixed it for me WRT usitc.gov.
> I just tried removing all the server no-cookie lines from my config and I couldn’t get to usitc.gov but no problem with irs.gov, go figure.  Anyhow as soon as you said SERVFAIL and QWest, it clicked in my mind.  I wonder if the IRS contracted out their DNS server ops to QWest?  Anyhow, have fun!

It's working, but I'm still seeing some strangeness ...

I apparently need to add the server clauses to BOTH my 'internal' & 'external' view.  Just one, or the other, doesn't do the trick.

I need to scratch my head a bit more about that one :-/

Also, even though it now 'works', it does so only AFTER I now see a couple of these timeouts in logs:

  Jan 27 15:02:08 core named[18703]: 27-Jan-2018 15:02:08.897 client: error: query client=0x7fc0f80eb4a0 thread=0x7fc100313700 (irs.gov/A): query_gotanswer: unexpected error: timed out
  Jan 27 15:02:08 core named[18703]: 27-Jan-2018 15:02:08.898 client: error: query client=0x7fc0f0066c30 thread=0x7fc0ffb12700 (irs.gov/AAAA): query_gotanswer: unexpected error: timed out

I've got no other timeouts in logs that I've found, so something unique to these again?

More information about the bind-users mailing list