[dns-operations] sophosxl.net problem?

Mark Andrews marka at isc.org
Wed Oct 30 23:27:11 UTC 2019



> On 31 Oct 2019, at 12:02 am, Bob Harold <rharolde at umich.edu> wrote:
> 
> 
> On Tue, Oct 29, 2019 at 9:07 PM Paul Vixie <paul at redbarn.org> wrote:
> 
> 
> Mark Andrews wrote on 2019-10-27 19:24:
> > ...
> > 
> > BIND tried to fix named to reject AA=0 from authoritative servers a
> > few years back but pandora.tv was returning AA=0 from all servers at
> > the time and we had to back the change out.  We still want to make
> > that change.
> 
> please consider making this a config option so that those of us who are 
> willing to endure outages for nonconforming domains can turn it on. it 
> could even become part of some annual so-called dns flag day.
> 
> -- 
> P Vixie
> 
> I agree.
> 
> But if someone thinks that is too drastic, would it be reasonable to make a config option, plus an exception list?   Then someone could make exceptions for the known cases, but break any new cases, to avoid this problem getting any worse.
> 
> -- 
> Bob Harold
> 

First thing is to get Google, Cloudflare etc. on board.  “But it works using 8.8.8.8 or 1.1.1.1” etc.
is the biggest problem with actually being able to deploy fixes.  The second problem is being able
to contact the server administrators.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org




More information about the dns-operations mailing list