[dns-operations] edns-client-subnet capable authorities?
David C Lawrence
tale at akamai.com
Thu Jul 20 11:51:17 UTC 2017

Mark Andrews writes:
> In making a decision about whether to probe or white list you may want
> to look at https://ednscomp.isc.org/compliance/summary.html which has
> graphs of the failure modes for unknown EDNS options.

Good point, Mark. I will point out that our own recursive team didn't
want to have to deal with whitelists either (which is perfectly
rational) and just thought they'd use it everywhere.

Personally I didn't think this was great philosophically, but
independent of my feelings on the matter it turned out to be terrible
in real world operational terms.

At least a couple of the Alexa Top 1000 domains would just black-hole
queries that had ECS. No reply, timeout. Of course a resolver would
have a hard time automatically interpreting the cause of the timeout
and would have to do extra work to id the problem as likely because of
the presence of the option.
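
The extra work mentioned in the last paragraph, as an added example (not part of the original message and not any resolver's actual code): on a timeout, repeat the same question without ECS and compare the outcomes. `send` is a hypothetical transport hook, and the three authorities at the end are constructed stand-ins so the block runs offline.

```python
import ipaddress
import struct

ECS = 8  # EDNS option code for edns-client-subnet (RFC 7871)

def ecs_option(subnet):
    """Encode ECS: option code, length, family, source prefix, scope 0, address."""
    net = ipaddress.ip_network(subnet, strict=False)
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]  # prefix bytes only
    body = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS, len(body)) + body

def build_query(qname, qid, options=b""):
    """A/IN query, RD clear, with one OPT record carrying the given EDNS options."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(options)) + options
    return header + name + b"\x00" + struct.pack("!HH", 1, 1) + opt

def edns_option_codes(packet):
    """Option codes in the OPT record of a packet laid out as build_query() does."""
    pos = 12
    while packet[pos]:                 # walk the question name labels
        pos += 1 + packet[pos]
    pos += 1 + 4 + 1 + 8               # root label, qtype/qclass, OPT name, type/class/ttl
    (rdlen,) = struct.unpack_from("!H", packet, pos)
    pos, end, codes = pos + 2, pos + 2 + rdlen, []
    while pos < end:
        code, length = struct.unpack_from("!HH", packet, pos)
        codes.append(code)
        pos += 4 + length
    return codes

def classify(send, qname, subnet, tries=2):
    """send(packet) returns reply bytes, or None on timeout (hypothetical hook)."""
    def answered(options, qid):
        return any(send(build_query(qname, qid + i, options)) is not None for i in range(tries))
    if answered(ecs_option(subnet), 100):
        return "answers-with-ecs"
    if answered(b"", 200):             # same question, bare OPT record, no ECS
        return "silent-only-with-ecs"
    return "silent-either-way"

# Constructed stand-ins for authorities; each echoes the query as its "reply".
def ecs_sink(packet):
    return None if ECS in edns_option_codes(packet) else packet
def tolerant(packet):
    return packet
def dead(packet):
    return None
```

Only the `silent-only-with-ecs` result points at the option itself; a resolver that sees it can stop sending ECS to that authority instead of retrying into the same timeout.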