[dns-operations] The possible problems after May 5th
Shumon Huque
shuque at isc.upenn.edu
Fri Apr 9 13:41:39 UTC 2010
On Thu, Apr 08, 2010 at 02:21:28PM -0700, Matthew Dempsky wrote:
>
> For fun, I patched dnscache to only send queries over TCP and then
> tried resolving a bunch of popular domain names with it.
[...]
> I also tried a bunch of other names that randomly came to mind, and
> found these didn't resolve either:
>
> [...]
> www.upenn.edu
This is ours, so I'll comment. The upenn.edu nameservers do answer
over TCP. The "www.upenn.edu" domain name in particular is Akamaized,
and Akamai's nameservers don't answer over TCP. As long as their
answers remain within 512B, things should work.
(And yes, I'm aware of the self-inflicted problems caused by the
decision to use Akamai: we can't secure the name->IP mapping for
www.upenn.edu because Akamai hasn't deployed DNSSEC. We also can't
offer www.upenn.edu over IPv6 because Akamai doesn't do IPv6, ...)
--Shumon.
More information about the dns-operations
mailing list