In message <AANLkTimcXZhuaI9nzOUHRM5fYGb73xRvVU2fy4JOZPRY@mail.gmail.com>, MKS writes:
Hi
We (a small ISP in the middle of nowhere) are having problems resolving DNSSEC records from GoDaddy.
This command works just fine:
# dig @ns52.domaincontrol.com loomus.com
but this doesn't:
# dig @ns52.domaincontrol.com +dnssec loomus.com
We don't receive the reply to the query.
And no, this isn't a packet size issue: the reply for the second command is 124 bytes, and the host isn't behind a firewall.
So the same commands work just fine outside our network, and we are only having problems with nsxx.domaincontrol.com. As far as I can see, when enabling +dnssec the EDNS option is activated and this is added in the DNS query: "OPT UDPsize=4096 OK"
I have also tried
# dig @ns52.domaincontrol.com +dnssec +bufsize=512 loomus.com
without any success.
Does someone have any brilliant suggestions? Please contact me on or off list
Regards,
MKS

The server isn't even EDNS aware. I suspect your firewall doesn't like a plain DNS response to an EDNS query.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
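
Added example, not part of the original thread: a Python check for the pairing described in the reply above. It builds the kind of query dig +dnssec sends (OPT record, UDP size 4096, DO bit set) and tests whether a response carries an OPT record. The response bytes are constructed here to mimic a server that is not EDNS aware, and all function names are hypothetical.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def build_query(name, edns_size=None, do=False, txid=0x1234):
    """A query; edns_size adds an OPT RR (TYPE 41, CLASS = UDP size, DO = 0x8000 in TTL)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!HH", 1, 1)
    if edns_size:
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000 if do else 0, 0)
    return msg

def constructed_plain_response(query):
    """Constructed sample: reply from a server that ignores EDNS (no OPT, ARCOUNT 0)."""
    question = query[12:skip_name(query, 12) + 4]
    header = query[:2] + struct.pack("!HHHHH", 0x8400, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
    return header + question + answer

def find_opt(msg):
    """Return (udp_size, do_bit) of the OPT record in msg, or None if it has none."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # name + QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        off += 10 + rdlen
    return None

def classify(query, response):
    """Name the query/response pairing a device inspecting DNS traffic would see."""
    if find_opt(query) is None:
        return "plain query"
    return "EDNS query, " + ("EDNS" if find_opt(response) else "plain") + " response"

if __name__ == "__main__":
    query = build_query("loomus.com", edns_size=4096, do=True)
    print(find_opt(query), classify(query, constructed_plain_response(query)))
```

Run against a packet capture taken on each side of a filtering device, the same find_opt check shows whether the OPT-less reply arrives at the device and fails to come out the other side.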