Patrick W. Gilmore wrote:
Works here.
However, we are downstream of Level 3 / as3356. I heard a rumor they ACL'ed queries from sources outside their downstream cone.
Based on some (relatively unscientific) experimentation, this does appear to be true. From sources that reach 4.2.2.1 via what appear to be peering links (such as an XO / Level(3) interconnect) queries time out, while sources that reach 4.2.2.1 via what appear to be transit links have no problems with consistent resolution. I can't really blame them, as a) open recursive DNS servers are rife for DNS amplification abuse, and b) this must be an enormous resource consumer for them. Probably a boon for OpenDNS and any others in the open/semi-open resolver space. Regards, Tim -- Tim Wilde, Senior Software Engineer, Team Cymru, Inc. twilde@cymru.com | +1-630-230-5433 | http://www.team-cymru.org/