[dns-operations] DNS at FOSDEM 2016
Florian Weimer
fw at deneb.enyo.de
Fri Feb 12 17:27:10 UTC 2016
* Marek Vavruša:
> the endpoint and that is error reporting from the resolver. DNS
> error responses from the resolvers are a joke: spoofed DNSSEC answer
> - client gets SERVFAIL, upstream is too slow - client gets SERVFAIL,
> too long CNAME chain - SERVFAIL, ... what the user gets from the
> browser is a blank page with a generic excuse and that's about that.
It's particularly bad for the stub resolver because it's not clear if
you should try another name server if you receive a SERVFAIL response
from the first one.
Florian
More information about the dns-operations
mailing list