First, check whether vTM is handling DNS traffic for the domain concerned. If it is, check which error codes the ISC DNS Flag Day website is showing:
ednsflags=mbz
mbz - EDNS flags echoed back.
vTM does not do this by itself, but if vTM is in pass-through mode and the back-end (real) DNS servers exhibit that behaviour, vTM passes such flags through intact. If you get this error, check that:
- vTM's DNS virtual server is indeed in pass-through mode (i.e. the pool selected is anything but "builtin_dns");
- The back-end (real) DNS servers are capable of handling EDNS0 extension flags. You might need to talk to the back-end DNS server's vendor if this is not the case.
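To tell whether the echo comes from the back-end rather than from vTM, the same check can be run against the vTM virtual server and against each back-end server directly. The following is an added example, not part of the original article or of vTM: it builds an EDNS query with one undefined flag bit set and inspects the OPT record of the reply. The function names and the choice of bit 0x0080 are assumptions made for illustration.

```python
import socket
import struct

DO_BIT = 0x8000  # the only defined EDNS flag; the other 15 bits must be zero (MBZ)

def build_query(zone, ednsflags=0x0080, bufsize=4096, qid=0x1234):
    """SOA query with an OPT record whose flags field has an undefined (MBZ) bit set."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # RD=0, 1 question, 1 additional
    labels = [l for l in zone.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN
    # OPT RR: root owner, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, bufsize, 0, 0, ednsflags, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label: end of name
            return off + 1
        off += 1 + n

def edns_flags(msg):
    """Return the 16-bit EDNS flags of the response's OPT record, or None if absent."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 41:                        # OPT: flags are the low 16 bits of TTL
            return ttl & 0xFFFF
        off += 10 + rdlen
    return None

def mbz_echoed(msg):
    """True when the response carries any EDNS flag bit other than DO."""
    flags = edns_flags(msg)
    return flags is not None and (flags & ~DO_BIT & 0xFFFF) != 0

def probe(server, zone, timeout=3.0):
    """Send the query over UDP/53 to `server` and report whether MBZ bits came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(zone), (server, 53))
        return mbz_echoed(s.recv(4096))
```

If `probe()` returns True for a back-end server as well as for the vTM address, the flags originate at the back-end and vTM is only passing them through.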
edns512tcp=timeout
timeout - lookup timed out.
This error is most commonly seen when no DNS/TCP virtual server is configured. To comply with ISC DNS Flag Day, add a new virtual server with the internal protocol set to "DNS/TCP", and copy the other configuration from the existing "DNS/UDP" virtual server. Also, if pass-through mode is in use, make sure that the back-end server is capable of handling DNS/TCP too.