[dns-operations] DNSSEC validation timeout from Afilias TLD

derek.mcumber derek.mcumber at datamtn.com
Fri May 23 14:51:43 UTC 2014

Good Morning:

I have been struggling with a DNSSEC validation error on 9.7.3 and up.
I am not sure I have an ISC bug or if we have an MTU mismatch near the perimeter
of the Afilias TLDs.

I would like to see if some of the other DNS operators can validate the issue I am
experiencing or if this is isolated to a few parts of the US.

I don't know why we wouldn't have caught this earlier.

GOOD:  This command pulling DNSKEYs from the verisign .gov TLD works just
about anywhere

             dig +dnssec +tcp pbgc.gov

BAD:  This command pulling DNSKEYs from the Afilias TLD fails everywhere

             dig +dnssec +tcp pbgc.org

Can anyone confirm this?

Derek McUmber
Data Mountain Solutions
derek.mcumber at datamtn.com

More information about the dns-operations mailing list