DNS Whitelist timeout errors and DNSSEC - ORF Forums


1

Hi,

I am experiencing DNS whitelist timeout errors since last Saturday Feb 12th, 2022. I searched and found the thread below:

https://vamsoft.com/forum/topic/917/dns-whitelist-timeout-errors

This post seems to indicate that there were issues with bondedsender.org at the time.

The only correlation of this problem was that I enabled DNSSEC on my Windows DNS servers that are used by ORF. To my knowledge DNSSEC is properly set up on those servers, but I don't know if this is a pure coincidence or not. I will try disabling DNSSEC and see if the problem goes away. However, if it does, I'd be interested to know why this problem is occurring and how to fix it.

Thanks!
Josh

by Josh 4 months ago
2

Just to clarify my comment above that I "enabled DNSSEC", I "Enabled DNSSEC validation for remote responses" in the Windows DNS Server.

by Josh 4 months ago
3

@Josh: Hello Josh,

We are not aware of any issues with the DNS Whitelist test or any of ORF's DNS-based tests at the time of writing this.

I recommend that you try querying the DNS Whitelist server from the ORF server using nslookup and see if you receive a response. The test commands are below:

---
Non-certified IP check:
> nslookup 1.1.1.1.orf.bondedsender.org {CONFIGURED-DNS-SERVER-IP}

Answer:
> [...]can't find 1.1.1.1.orf.bondedsender.org: Non-existent domain

---
Certified IP check:
> nslookup 32.252.98.87.orf.bondedsender.org {CONFIGURED-DNS-SERVER-IP}

Answer:
> Non-authoritative answer:
> Name: 32.252.98.87.orf.bondedsender.org
> Address: 127.0.0.10

by Daniel Novak (Vamsoft) 4 months ago
(in reply to this post)

4

@Daniel Novak (Vamsoft): Hi Daniel,

I tried the DNS query you suggested above. On the servers I have "Enable DNSSEC validation for remote responses" checked/enabled I get the response "Server failed" when running both tests. On the servers I have "Enable DNSSEC validation for remote responses" unchecked/disabled the DNS query comes back as expected.

If I disable DNSSEC validation for remote responses, clear the DNS server's cache, and re-run the query everything comes back as expected.

It's good to know what is causing the problem, but I'm still unsure why it's causing the problem. I'll have to do some more investigation, but for the time being will disable DNSSEC validation for remote responses on all servers.

If I find the root cause of the issue I'll reply back.

Thanks!
Josh

by Josh 4 months ago
(in reply to this post)
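One way to check from the ORF server whether a "Server failed" result is tied to DNSSEC validation, as an added example that is not part of the original thread or of ORF: it sends the two test lookups above once normally and once with the DNS Checking Disabled (CD) header bit set, then compares the response codes. The function names and result labels are assumptions made for this sketch, and it assumes the resolver honors the CD bit.

```python
import socket
import struct
import sys

def build_query(name, cd=False, qid=0x1234):
    """Build an A/IN query; cd=True sets the Checking Disabled header bit."""
    flags = 0x0100 | (0x0010 if cd else 0)  # RD always, CD on request
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Translate a raw DNS response into its meaning for a whitelist lookup."""
    if len(response) < 12:
        return "malformed"
    _qid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    rcode = flags & 0x000F
    if rcode == 3:
        return "not-listed"       # NXDOMAIN: expected for the non-certified IP
    if rcode == 2:
        return "server-failure"   # SERVFAIL: nslookup prints "Server failed"
    if rcode == 0 and ancount:
        return "listed"           # answer present, e.g. 127.0.0.10
    return "other"

def lookup(name, server, cd=False, timeout=5.0):
    """Send one UDP query to the resolver and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, cd), (server, 53))
        try:
            return classify(sock.recvfrom(4096)[0])
        except socket.timeout:
            return "timeout"

def diagnose(validating, checking_disabled):
    """Compare the same lookup without and with the CD bit."""
    answered = ("listed", "not-listed")
    if validating in answered:
        return "ok"
    if validating == "server-failure" and checking_disabled in answered:
        return "validation-failure"  # data exists, but validation rejects it
    return "resolver-or-network"     # fails either way: not specific to DNSSEC

if __name__ == "__main__":
    # argv[1]: IP of the DNS server ORF is configured to use
    for name in ("1.1.1.1.orf.bondedsender.org", "32.252.98.87.orf.bondedsender.org"):
        normal, cd = lookup(name, sys.argv[1]), lookup(name, sys.argv[1], cd=True)
        print(name, normal, cd, diagnose(normal, cd))
```

A `validation-failure` result means the resolver can fetch the records but refuses them while validating, so the next thing to look at is the resolver's trust anchors and the signing state of the zone rather than ORF itself.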

5

@Josh: Thank you for the update Josh.

by Daniel Novak (Vamsoft) 4 months ago
(in reply to this post)
