DNS Whitelist timeout errors and DNSSEC - ORF Forums

Hi,

I am experiencing DNS whitelist timeout errors since last Saturday Feb 12th, 2022. I searched and found the thread below:

https://vamsoft.com/forum/topic/917/dns-whitelist-timeout-errors

This post seems to indicate that there were issues with bondedsender.org at the time

The only correlation of this problem was that I enabled DNSSEC on my windows DNS servers that are used by ORF. To my knowledge DNSSEC is properly setup on those servers but I don't know if this is a pure coincidence or not. I will try disabling DNSSEC and see if the problem goes away. However if it does, I'd be interested to know why this problem is occurring and how to fix it.

Thanks!
Josh

Just to clarify my comment above that I "enabled DNSSEC", I "Enabled DNSSEC validation for remote responses" in the Windows DNS Server.

@Daniel Novak (Vamsoft): Hi Daniel,

I tried the DNS query you suggested above. On the servers I have "Enable DNSSEC validation for remote responses" checked/enabled I get the response "Server failed" when running both tests. On the servers I have "Enable DNSSEC validation for remote responses" unchecked/disabled the DNS query comes back as expected.

If I disable DNSSEC validation for remote responses, clear the DNS server's cache, and re-run the query everything comes back as expected.

It's good to know what is causing the problem, but I'm still unsure why it's causing the problem. I'll have to do some more investigation, but for the time being will disable DNSSEC validation for remote responses on all servers.

If I find the root cause of the issue I'll reply back.

Thanks!
Josh