dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

what's up
The Lou

Is Verisign blocking DNS Caching Server Resolution?

I couldn't think of a better place to ask this question...

I've found that my caching DNS server being run from my home Internet connection (BIND, all internal with no external access) cannot resolve domain names that are authoritative to *.verisigndns.com. Any returned addresses come from Level 3's server of I can't come across any examples of others having this issue, so that leads me to think that it's my configuration issue, but I can't find where.

 <<>> DiG 9.8.1-P1 <<>> a2.verisigndns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62521
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;a2.verisigndns.com.            IN      A
a2.verisigndns.com.     2464    IN      A
;; Query time: 43 msec
;; WHEN: Sun Nov  3 18:55:11 2013
;; MSG SIZE  rcvd: 52


<<>> DiG 9.8.1-P1 <<>> a2.verisigndns.com +trace
;; global options: +cmd
.                       82524   IN      NS      d.root-servers.net.
.                       82524   IN      NS      i.root-servers.net.
.                       82524   IN      NS      c.root-servers.net.
.                       82524   IN      NS      b.root-servers.net.
.                       82524   IN      NS      k.root-servers.net.
.                       82524   IN      NS      a.root-servers.net.
.                       82524   IN      NS      j.root-servers.net.
.                       82524   IN      NS      f.root-servers.net.
.                       82524   IN      NS      m.root-servers.net.
.                       82524   IN      NS      g.root-servers.net.
.                       82524   IN      NS      l.root-servers.net.
.                       82524   IN      NS      h.root-servers.net.
.                       82524   IN      NS      e.root-servers.net.
;; Received 436 bytes from in 9 ms
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 496 bytes from in 63 ms
verisigndns.com.        172800  IN      NS      a1.verisigndns.com.
verisigndns.com.        172800  IN      NS      a2.verisigndns.com.
verisigndns.com.        172800  IN      NS      a3.verisigndns.com.
verisigndns.com.        172800  IN      NS      u1.verisigndns.com.
verisigndns.com.        172800  IN      NS      u2.verisigndns.com.
verisigndns.com.        172800  IN      NS      u3.verisigndns.com.
;; Received 315 bytes from in 30540 ms

Has anyone every run into something similar?

what's up
The Lou
To follow-up...

I still do not know what's causing this, but to "fix" I added burberry.com to my zone file with a forwarder to Opendns' servers.