[dns-operations] Shameless plug for our Zonecheck software (Was: af.mil DNS issue

John Payne john at sackheads.org
Mon Jul 3 20:38:35 UTC 2006 

On Jul 3, 2006, at 3:58 PM, Stephane Bortzmeyer wrote:

> On Sat, Jul 01, 2006 at 08:38:11PM -0700,
>  John Payne <john at sackheads.org> wrote
>  a message of 52 lines which said:
>
>> TTBOMK $employer has never supported 53/tcp and as nobody has
>> complained about it,
>
> <old_timer> I'm very skeptical about such claims. We all know (or
> should know) that many people never complain or, more exactly, never
> complain to *you* - but do report the hassles to their colleagues,
> friends, etc. The fact that they never filled in the Web form "Report
> a problem" is no proof to me.  </old_timer>

Let's just be very clear that I'm not talking FOR my employer at this  
point...
but if it was more than a significant minority that relied on TCP  
queries I am
very confident that we would have heard about it by now.  My employer  
has
a lot of customers with very high profile websites.  I was looking  
for publically
released numbers, but I can't find any right now.... but the numbers  
of hits/sec
are VERY large... and the TTLs to our A records are very low.


> <Unix_dinosaur> Most people are not able to diagnose "random" DNS
> problems and to identify the lack of TCP as the root of the
> problem. <Unix_dinosaur>

That's probably because in my experience, the lack of TCP is NEVER the
root of the problem.

>
>> Every once in a blue moon we get a "why can't we transfer our .fr
>> zone to your servers?" but that's about it.
>
> So, nobody complains but sometimes someone complains?

Nobody complains about the lack of TCP.
Sometimes people complain that they can't transfer a .fr zone to our  
servers.


Two different complaint paths, related only in AFNIC's demand for TCP.

> We sometimes (I did not check the moon at these times) have "dialogues
> of the deafs" problems with customers who use a DNS hoster.
>
> AFNIC: you should enable TCP/53
> Customer: my DNS provider does not want to
> AFNIC: you're his customer, ask him
> Customer: he does not want, he says DNS work without TCP/53
> AFNIC: can we get in touch directly with them to explain?
> Customer: do you speak english? Because I don't and I don't  
> understand them

I think the problem in that chain starts with:
AFNIC: you should enable TCP/53

More information about the dns-operations mailing list