[dns-operations] Very strange DNS bug at Hurricane Electric
Florian Weimer
fw at deneb.enyo.de
Tue Mar 22 10:22:33 UTC 2016
* Stephane Bortzmeyer:
> On Mon, Mar 21, 2016 at 06:13:35PM +0100,
> Florian Weimer <fw at deneb.enyo.de> wrote
> a message of 32 lines which said:
>
>> This test is not valid for an authoritative server because you sent
>> an RD=1 query.
>
> It is valid. When the authoritative server works (as it does now, the
> problem is fixed), it is not a problem if I request a recursion it
> does not want to provide:
It does not work in general. I was surprised to learn this a couple
of years ago, but back then, SERVFAIL responses to RD=1 queries were
significantly more lokily than for otherwise identical RD=0 query,
even for supposedly well-run TLD servers. This was before RRL and
other protocol changes.
More information about the dns-operations
mailing list