[dns-operations] DNS cookies in a mixed resolver anycast environment
Tony Finch
dot at dotat.at
Mon Jun 3 16:34:12 UTC 2019
Hellqvist, Björn <bjorn.hellqvist at teliacompany.com> wrote:
>
> The problem was that the Authoritative parts were not responding
> properly to queries using DNS Cookie. Several important domains stopped
> working for our customers.
>
> Ever since then we have had to disable DNS Cookies upstream to the
> Authoritative servers.

Instead of turning it off completely, I added a cookie bad list.

    server ... { send-cookie no; };

The main problem was sauthns[12].qwest.net which hosts a lot of prominent
domains. I noticed in April that they now work OK, yay! All I have left in
my nocookie list is a bad loadbalancer at a bank.

Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
oppose all forms of entrenched privilege and inequality
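
One way to decide which servers belong on such a per-server list, as an added example that is not part of the original post or of BIND: send the same query with and without an EDNS COOKIE option (RFC 7873) and compare the outcomes. The function names are hypothetical, and the failure modes checked (no reply, a changed rcode, a wrongly echoed client cookie) are assumptions, since the thread does not say how the servers misbehaved.

```python
import struct

COOKIE = 10  # EDNS option code for COOKIE (RFC 7873)

def build_query(name, cookie=None, qid=0x1234):
    """A/IN query with an OPT record, plus a COOKIE option when cookie is given."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    opt = struct.pack("!HH", COOKIE, len(cookie)) + cookie if cookie else b""
    return (struct.pack("!6H", qid, 0, 1, 0, 0, 1) + qname + b"\x00" + struct.pack("!HH", 1, 1)
            + b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(opt)) + opt)

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:  # labels, until root or a pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(reply, cookie=None):
    """Return 'timeout', 'cookie-mismatch' or 'rcode=N' for one raw UDP reply."""
    if reply is None:
        return "timeout"
    _, flags, qd, an, ns, ar = struct.unpack("!6H", reply[:12])
    rcode, off = flags & 0xF, 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(reply, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        rdata, off = reply[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 41:  # OPT record: extended rcode and EDNS options
            rcode |= (ttl >> 24) << 4  # OPT TTL holds the upper rcode bits
            while len(rdata) >= 4:
                code, olen = struct.unpack("!HH", rdata[:4])
                if code == COOKIE and cookie and rdata[4:12] != cookie:
                    return "cookie-mismatch"  # client cookie not echoed intact
                rdata = rdata[4 + olen:]
    return f"rcode={rcode}"

def needs_nocookie(cookie_reply, plain_reply, cookie):
    """True when adding the cookie changes the outcome of an otherwise answered query."""
    plain = classify(plain_reply)
    # rcode 23 is BADCOOKIE, a valid request to retry with the server cookie.
    return plain != "timeout" and classify(cookie_reply, cookie) not in (plain, "rcode=23")
```

The replies are the raw UDP payloads (or None for a timeout) received for `build_query(name, cookie)` and `build_query(name)` sent to the same server; a server for which `needs_nocookie` returns True is a candidate for a `send-cookie no` entry.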