[dns-operations] Using all the addresses of every name server? (Was: ANY efforts at taking additional responses more compact?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Sep 12 18:49:34 UTC 2016


On Mon, Sep 12, 2016 at 11:30:56AM -0600,
 Paul Vixie <paul at redbarn.org> wrote 
 a message of 25 lines which said:

> if i get an icmp unreachable for udp/53 on one address belonging to
> a name server, then it is reasonable for me to assume i'll get the
> same from the other addresses of the same name server.

I do not find it reasonable at all. It was unreasonable for several
IPv4 addresses and it is even less reasonable when there are IPv4 and
IPv6 addresses.

For instance, what if there is a badly managed firewall and an ACL
blocking (with ICMP reject) one address but not the others?
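
An added example, not part of the original message: a sketch of the two ways a resolver could key its failure state, per address or per name server, run against the ACL scenario above. The class names, the 60-second hold-down, and the name and addresses (documentation ranges) are assumptions made for the illustration, not taken from any resolver.

```python
class PerAddressSelector:
    """Failure state keyed by IP address (hypothetical resolver bookkeeping)."""

    def __init__(self, hold_down=60.0):
        self.hold_down = hold_down   # assumed hold-down, in seconds
        self.servers = {}            # NS name -> list of its addresses
        self.down_until = {}         # address -> time when it may be retried

    def add_server(self, name, addresses):
        self.servers[name] = list(addresses)

    def report_icmp_unreachable(self, address, now):
        # Only the address that drew the ICMP error is held down.
        self.down_until[address] = now + self.hold_down

    def candidates(self, name, now):
        return [a for a in self.servers[name]
                if self.down_until.get(a, 0.0) <= now]


class PerServerSelector(PerAddressSelector):
    """The quoted assumption: one unreachable address condemns the whole server."""

    def report_icmp_unreachable(self, address, now):
        for addrs in self.servers.values():
            if address in addrs:
                for a in addrs:
                    self.down_until[a] = now + self.hold_down


def pick_address(selector, name, acl_rejected, now=0.0):
    """Try addresses in order; those in acl_rejected answer with ICMP reject."""
    while True:
        usable = selector.candidates(name, now)
        if not usable:
            return None              # server considered dead
        if usable[0] not in acl_rejected:
            return usable[0]         # query would be answered here
        selector.report_icmp_unreachable(usable[0], now)


def demo(selector_cls):
    # Constructed data: one server, IPv4 and IPv6, ACL rejecting only IPv4.
    sel = selector_cls()
    sel.add_server("ns1.example.net", ["192.0.2.53", "2001:db8::53"])
    return pick_address(sel, "ns1.example.net", acl_rejected={"192.0.2.53"})
```

With per-address state the query still reaches the server over IPv6; with per-server state the same ACL makes the server look entirely dead for the hold-down period.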
