[dns-operations] DNS at FOSDEM 2016

Florian Weimer fw at deneb.enyo.de
Fri Feb 12 17:27:10 UTC 2016


* Marek Vavruša:

> the endpoint and that is error reporting from the resolver. DNS
> error responses from the resolvers are a joke: spoofed DNSSEC answer
> - client gets SERVFAIL, upstream is too slow - client gets SERVFAIL,
> too long CNAME chain - SERVFAIL, ... what the user gets from the
> browser is a blank page with a generic excuse and that's about that.

It's particularly bad for the stub resolver because it's not clear if
you should try another name server if you receive a SERVFAIL response
from the first one.

Florian




More information about the dns-operations mailing list