[127250] in North American Network Operators' Group
DNSsec from domailcontrol.com
daemon@ATHENA.MIT.EDU (MKS)
Fri Jun 18 07:35:19 2010
Date: Fri, 18 Jun 2010 11:34:57 +0000
From: MKS <rekordmeister@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi
We (a small ISP in the middle of nowhere) are having problems
resolving DNSsec records from godaddy.
This commands works just fine
# dig @ns52.domaincontrol.com loomus.com
but this doesn't
# dig @ns52.domaincontrol.com +dnssec loomus.com
We don't receive the reply to the query.
and no, this isn't a packet size issue, the reply for the second
command is 124bytes, and the host isn't behind a firewall.
So the same commands work just fine outside our network, and we are
only having problems with nsxx.domailcontrol.com
As far as I can see, when enabling +dnssec the EDNS option is
activated and this is added in the dns querty "OPT UDPsize=4096 OK"
I have also tried
# dig @ns52.domaincontrol.com +dnssec +bufsize=512 loomus.com
without any success.
Does someone have any brilliant suggestions?
Please contact me on or off list
Regards
MKS
