From owner-freebsd-questions@FreeBSD.ORG  Fri May  7 10:44:20 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1F5101065676
	for <freebsd-questions@freebsd.org>;
	Fri,  7 May 2010 10:44:20 +0000 (UTC)
	(envelope-from jonc@chen.org.nz)
Received: from chen.org.nz (ip-58-28-152-174.static-xdsl.xnet.co.nz
	[58.28.152.174])
	by mx1.freebsd.org (Postfix) with ESMTP id C281A8FC16
	for <freebsd-questions@freebsd.org>;
	Fri,  7 May 2010 10:44:19 +0000 (UTC)
Received: by chen.org.nz (Postfix, from userid 1000)
	id B9C35E043A; Fri,  7 May 2010 22:44:16 +1200 (NZST)
Date: Fri, 7 May 2010 22:44:16 +1200
From: Jonathan Chen <jonc@chen.org.nz>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Message-ID: <20100507104416.GA35730@osiris.chen.org.nz>
References: <3336_1273178399_4BE3291E_3336_4_1_4BE32922.4090608@solnetsolutions.co.nz>
	<4BE3C905.2000207@infracaninophile.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4BE3C905.2000207@infracaninophile.co.uk>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-questions@freebsd.org
Subject: Re: DNS not working since May 6 2010
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2010 10:44:20 -0000

On Fri, May 07, 2010 at 09:02:13AM +0100, Matthew Seaman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 06/05/2010 21:40:02, Jonathan Chen wrote:
> 
> > I've got a small DNS server on my home network, and ever since May 6,
> > 2010 (co-incidentally DNSSEC root sign day), lookups on freebsd.org have
> > started failing. eg:
> 
> Uh, the DURZ was installed on j.root; the last one of the root servers
> to get it.  Besides, .org was DNSSEC signed way back in June 2009. That
> is not causing your problem here.
> 

Hmm, I ran across an DNSSEC article in The Register, which lead me to:

   http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues

Working thru' it, I tweaked my named.conf's edns-udp-size option and
it started working again. So it looks like it was related to the final
set of root servers being enabled.

Cheers.
-- 
Jonathan Chen <jonc@chen.org.nz>
----------------------------------------------------------------------
                                             When all else fails, RTFM