A few weeks ago, suddenly, reading news at lunch, I could not get to nytimes.com. I could ping it, and nslookup it, and if I put the IP address in place of the name, it was fine. After *much* back and forth over a ticket I put in, over the last week or so, our group figured it out: It *seemed* to be related to IPv6, and there's only *some* few sites, such as the Times, and Orbits, and one or two others I found, while, say, the Washington Post, or Huffpo, etc, were fine; and I could make it work by putting IPV6INIT="no" in ifcfg-eth0 and restarting the network, but another admin got it nailed, we *think*: apparently the M$-based DNS resolver's sending back extended DNS packets, and we gag. tcpdump saw us asking for an A record, then an AAAA record, then using search.... But putting the *very* counterintuitive option edns0 in /etc/resolv.conf, it works instantly, no caching, no nuthin'. Taking that out breaks it again. My question: it *appears* that we could add option edns0 to dhcpd.conf on the server, and it would fix it for everyone on our subnet. Have I misunderstood what I'm reading in the manpages? mark
m.roth at 5-cent.us wrote:> A few weeks ago, suddenly, reading news at lunch, I could not get to > nytimes.com. I could ping it, and nslookup it, and if I put the IP address > in place of the name, it was fine. > > After *much* back and forth over a ticket I put in, over the last week or > so, our group figured it out: It *seemed* to be related to IPv6, and > there's only *some* few sites, such as the Times, and Orbits, and one or > two others I found, while, say, the Washington Post, or Huffpo, etc, were > fine; and I could make it work by putting IPV6INIT="no" in ifcfg-eth0 and > restarting the network, but another admin got it nailed, we *think*: > apparently the M$-based DNS resolver's sending back extended DNS packets, > and we gag. tcpdump saw us asking for an A record, then an AAAA record, > then using search.... > > But putting the *very* counterintuitive option edns0 in /etc/resolv.conf, > it works instantly, no caching, no nuthin'. Taking that out breaks it > again. > > My question: it *appears* that we could add > option edns0 > to dhcpd.conf on the server, and it would fix it for everyone on our > subnet. > > Have I misunderstood what I'm reading in the manpages? >Sorry, missed some info: CentOS 6.4
Apparently Analagous Threads
- nscd
- openbsd-compat/getrrsetbyname.c: answer buffer size too large for EDNS0 and glibc
- Authentication to Secondary Domain Controller initially fails when PDC is offline
- [Bug 1625] New: [PATCH] Make configuration of key verification from DNS easier
- Authentication to Secondary Domain Controller initially fails when PDC is offline