[dns-operations] Very strange DNS bug at Hurricane Electric

Florian Weimer fw at deneb.enyo.de
Tue Mar 22 10:22:33 UTC 2016

* Stephane Bortzmeyer:

> On Mon, Mar 21, 2016 at 06:13:35PM +0100,
>  Florian Weimer <fw at deneb.enyo.de> wrote 
>  a message of 32 lines which said:
>> This test is not valid for an authoritative server because you sent
>> an RD=1 query.
> It is valid. When the authoritative server works (as it does now, the
> problem is fixed), it is not a problem if I request a recursion it
> does not want to provide:

It does not work in general.  I was surprised to learn this a couple
of years ago, but back then, SERVFAIL responses to RD=1 queries were
significantly more lokily than for otherwise identical RD=0 query,
even for supposedly well-run TLD servers.  This was before RRL and
other protocol changes.

More information about the dns-operations mailing list