[dns-operations] DNS cookies in a mixed resolver anycast environment

Ondřej Surý ondrej at sury.org
Fri May 31 17:05:19 UTC 2019


The whole point of DNS Flag Day is that we don’t have any obligation to resolve domains running on broken DNS servers. It has become “fix your sh^Htuff” instead of “fix our stuff”, as it had been before.

Also it’s perfectly OK (on a technical level) to not support EDNS, but in this particular case (p4.no) it’s the fact that the server returns FORMERR + OPT RR that’s causing the resolution failure as 6891 says:

> Responders that choose not to implement the protocol extensions
> defined in this document MUST respond with a return code (RCODE) of
> FORMERR to messages containing an OPT record in the additional
> section and MUST NOT include an OPT record in the response.

Cheers,
Ondrej
--
Ondřej Surý <ondrej at sury.org>

On 31 May 2019, at 18:01, sthaug at nethelp.no wrote:

>> During the period, the oldest encounter and one of the most critical was a 17 year old Authoritative Servers running Windows DNS. They have now fixed this, it took around 6 months for them. I believe they were not alone.
>>
>> Just because 99.9% looks OK in statistics, does not mean that it really works in real life scenarios. Businesses and Government organs still think that "DNS is old and easy service, we do not need to update".
>>
>> Even if and when we reach out, there are instances that do not listen and still think it is our fault.
> 
> And there are authors of DNS software out there who have no plans to
> implement EDNS (not even minimalist correct answers) - read the mail
> thread at
> 
>       https://mailman.powerdns.com/mailman/listinfo/pdns-users
> 
> and weep. No, it's not really about PowerDNS.
> 
> Steinar Haug, AS2116
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations