[dns-operations] sophosxl.net problem?

Matt Nordhoff lists at mn0.us
Mon Nov 11 01:30:00 UTC 2019


On Wed, Oct 30, 2019 at 11:30 PM Mark Andrews <marka at isc.org> wrote:
> > On 31 Oct 2019, at 12:02 am, Bob Harold <rharolde at umich.edu> wrote:
> > On Tue, Oct 29, 2019 at 9:07 PM Paul Vixie <paul at redbarn.org> wrote:
> > Mark Andrews wrote on 2019-10-27 19:24:
> > > ...
> > >
> > > BIND tried to fix named to reject AA=0 from authoritative servers a
> > > few years back but pandora.tv was returning AA=0 from all servers at
> > > the time and we had to back the change out.  We still want to make
> > > that change.
> >
> > please consider making this a config option so that those of us who are
> > willing to endure outages for nonconforming domains can turn it on. it
> > could even become part of some annual so-called dns flag day.
> >
> > --
> > P Vixie
> >
> > I agree.
> >
> > But if someone thinks that is too drastic, would it be reasonable to make a config option, plus an exception list? Then someone could make exceptions for the known cases, but break any new cases, to avoid this problem getting any worse.
> >
> > --
> > Bob Harold
>
> First thing is to get Google, Cloudflare etc. on board.  “But it works using 8.8.8.8 or 1.1.1.1” etc.
> is the biggest problem with actually being able to deploy fixes.  The second problem is being able
> to contact the server administrators.

For y'all's information, PowerDNS Recursor rejects non-AA responses.
It used to accept them until, I believe, earlier this year.

They're tracking broken zones in an issue:

<https://github.com/PowerDNS/pdns/issues/8150>
-- 
Matt Nordhoff
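
[Added example, not part of the original message and not BIND or PowerDNS code: a sketch of the check discussed in this thread, a strict mode that rejects AA=0 answers from a server queried as authoritative, plus the exception list suggested above. The function names, the policy of judging only replies that carry answer records, the zone broken.example and the sample messages are assumptions constructed for illustration.]

```python
import struct

QR_BIT = 0x8000  # set on responses
AA_BIT = 0x0400  # Authoritative Answer

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"qr": bool(flags & QR_BIT), "aa": bool(flags & AA_BIT), "ancount": an}

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (label boundary)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def accept_response(msg, qname, strict=True, exceptions=()):
    """Judge a reply from a server that was queried as authoritative.
    Assumed policy for this sketch: only replies carrying answer records
    are judged, so referrals (AA=0, empty answer section) pass through.
    """
    h = parse_header(msg)
    if not h["qr"]:
        return False, "not a response"
    if h["aa"]:
        return True, "AA=1"
    if h["ancount"] == 0:
        return True, "no answer records, not judged here"
    if not strict:
        return True, "AA=0 tolerated: strict mode off"
    if any(in_zone(qname, z) for z in exceptions):
        return True, "AA=0 tolerated: zone on exception list"
    return False, "AA=0 answer from authoritative server"

def sample(flags, ancount, nscount=0):
    """Constructed header-only message (ID 0x1234, one question)."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, nscount, 0)

if __name__ == "__main__":
    allow = ("broken.example",)  # constructed exception list
    for label, msg, qname in [
        ("AA=1 answer", sample(0x8400, 1), "www.example.com"),
        ("AA=0 answer", sample(0x8000, 1), "www.example.com"),
        ("AA=0, listed zone", sample(0x8000, 1), "www.broken.example"),
        ("referral", sample(0x8000, 0, 2), "www.example.com"),
    ]:
        print(label, accept_response(msg, qname, exceptions=allow))
```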
