[dns-operations] sophosxl.net problem?
lists at mn0.us
Mon Nov 11 01:30:00 UTC 2019
On Wed, Oct 30, 2019 at 11:30 PM Mark Andrews <marka at isc.org> wrote:
> > On 31 Oct 2019, at 12:02 am, Bob Harold <rharolde at umich.edu> wrote:
> > On Tue, Oct 29, 2019 at 9:07 PM Paul Vixie <paul at redbarn.org> wrote:
> > Mark Andrews wrote on 2019-10-27 19:24:
> > > ...
> > >
> > > BIND tried to fix named to reject AA=0 from authoritative servers a
> > > few years back but pandora.tv was returning AA=0 from all servers at
> > > the time and we had to back the change out. We still want to make
> > > that change.
> > please consider making this a config option so that those of us who are
> > willing to endure outages for nonconforming domains can turn it on. it
> > could even become part of some annual so-called dns flag day.
> > --
> > P Vixie
> > I agree.
> > But if someone thinks that is too drastic, would it be reasonable to make a config option, plus an exception list? Then someone could make exceptions for the known cases, but break any new cases, to avoid this problem getting any worse.
> > --
> > Bob Harold
> First thing is to get Google, Cloudflare etc. on board. “But it works using 188.8.131.52 or 184.108.40.206” etc.
> is the biggest problem with actually being able to deploy fixes. The second problem is being able
> to contact the server administrators.
For y'all's information, PowerDNS Recursor rejects non-AA responses.
It used to accept them until, I believe, earlier this year.
They're tracking broken zones in an issue:
More information about the dns-operations