[dns-operations] DNS cookie bugs

Mark Andrews marka at isc.org
Thu Dec 7 21:01:04 UTC 2017

BADCOOKIE does not imply a bug.

BADCOOKIE is returned for too old cookies.
BADCOOKIE is returned for COOKIE options without server cookies (off  by default in named).
BADCOOKIE is returned when secrets change (a anycast server with different secrets in instances can behave like this).

> On 8 Dec 2017, at 2:04 am, Tony Finch <dot at dotat.at> wrote:
> Is anyone collecting details of servers that respond with bad DNS cookie
> options?
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Hebrides, Bailey: North or northwest gale 8 to storm 10, occasionally violent
> storm 11 at first in Hebrides. High or very high, occasionally phenomenal at
> first in Hebrides. Snow showers. Poor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the dns-operations mailing list