[dns-operations] The last remaining DNS header flag.
Mark Andrews
marka at isc.org
Fri May 10 21:28:19 UTC 2019
There are cases where you need to signal in the header.
The bit isn’t lost. It just requires a bit of concerted effort to get it back.
Stage 1. Have a period where you notify operators that their name servers are broken.
Stage 2. Have delegations pulled for zones with misbehaving servers until they are fixed. This is done with notifications and a grace period to fix.
Stage 2. Declare a flag day and send queries with the bit set after that day and don’t recover from dropped queries (Cloudflare your servers do this there may be others I just noticed yours) and drop responses with the bit echoed. Send packets like this for a year.
This last stage catches servers deeper in the tree.
There are a few DNS hosters that need to spend 10 minutes fixing their code. And most of the problems are gone.
Mark
--
Mark Andrews
> On 11 May 2019, at 01:51, Paul Vixie <paul at redbarn.org> wrote:
>
> you're brave. i consider that bit lost, and that any new signaling will have
> to use EDNS.
>
>
More information about the dns-operations
mailing list