Hi Nanog people,

The PowerDNS recursor has hit a snag resolving www.kde-look.org. It appears Worldnic has implemented 'TCP-before-UDP' on ns{9,10}.worldnic.com, whereby it sends out answers with the truncated bit set, and without an actual answer. Once the client has re-asked the query over TCP, it from then on allows UDP queries. This is possibly done to prevent DoS attacks.

This hits those people who've been running the pdns recursor w/o heeding the warning on http://doc.powerdns.com/built-in-recursor.html stating our inadequacies regarding truncated packets.

But it also hits everybody who only allows UDP port 53, which generally works fine, except now! Recall the AOL huge packet event from way back. So make sure your resolvers have TCP connectivity!

And yes, my message may read a bit like djb's back in the time AOL started to use > 512 byte packets :-) The problem is solved in SVN luckily. Apologies.

But just a heads up that if you suddenly have non-working Worldnic domains, you now know two possible causes.

A quick solution for PowerDNS recursor users is to run 'dig www.kde-look.org @ns9.worldnic.com' periodically. Or upgrade to the SVN snapshot mentioned below, but do note that it is experimental.

Wiki: http://wiki.powerdns.com/projects/trac/
Message: http://mailman.powerdns.com/pipermail/pdns-users/2005-July/002414.html
SVN snapshot solving the problem: http://ds9a.nl/pdns/pdns-2.9.18-svn.tar.gz

--
http://www.PowerDNS.com      Open source, database driven DNS Software
http://netherlabs.nl         Open and Closed source services
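
The resolver-side handling of the truncated-bit reply described in the message above, as an added example that is not part of the original post and not PowerDNS code. The function names and the sample reply are constructed for illustration; the header layout and the 2-byte TCP length prefix are from RFC 1035.

```python
import struct

QR, TC = 0x8000, 0x0200  # response bit and truncation bit in the header flags (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question query (class IN, RD set) for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the header fields a resolver needs to spot a truncated reply."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "tc": bool(flags & TC), "ancount": ancount}

def next_step(query, udp_reply):
    """Decide what to do with a UDP reply: discard, retry over TCP, or accept."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "discard"    # not a response, or not a response to this query
    if r["tc"]:
        return "retry-tcp"  # TC set: the answer section, empty or not, is unusable
    return "accept"

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with its length as a 2-byte big-endian integer."""
    return struct.pack("!H", len(msg)) + msg

def constructed_truncated_reply(query):
    """Constructed sample: same ID and question, QR|AA|TC|RD set, zero answers."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, 0x8700, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    query = build_query("www.kde-look.org")
    reply = constructed_truncated_reply(query)
    print(parse_header(reply), next_step(query, reply), frame_for_tcp(query)[:2].hex())
```

The "retry-tcp" branch only helps if outbound TCP port 53 is permitted from the resolver, which is the connectivity point the message makes.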