[dns-operations] Experiences with a post 2019 Flag Day Resolver

Mark Andrews marka at isc.org
Mon Sep 16 22:00:38 UTC 2019



> On 17 Sep 2019, at 4:58 am, manu tman <chantr4 at gmail.com> wrote:
> 
> On Mon, Sep 16, 2019 at 11:30 AM Shumon Huque <shuque at gmail.com> wrote:
> 
> Google Public DNS sends the EDNS Client Subnet option to authority servers that we run, and presumably to those broken servers too. We cannot observe the conversation between Google and the broken sites, but since they resolve, we assume that they might at least have a workaround to retry such sites without ECS (or maybe a dynamically maintained ECS blacklist is in use). Perhaps, a Google Public DNS operator can confirm or disconfirm this.
> 
> 
> Obviously not for Google Public DNS, but last I remember, they would probe the name servers to see if they support ECS, if they do then they will start sending ECS. Therefore I would assume those misbehaving name servers are failing the probe test and hence Google Public DNS will not send ECS to them.
> 
> Manu

ECS is also a white list option because of broken servers and the fact that there are only relatively small numbers of servers that return ECS aware answers.

> --
> Shumon Huque
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
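
An added example, not part of the original message and not any resolver's actual code: a minimal sketch of the kind of ECS support probe discussed in this thread, building a query that carries an EDNS Client Subnet option (RFC 7871) and classifying the reply. The three verdict names, the rule that an echoed ECS option means "ecs-aware", and the sample name and subnet are assumptions made for illustration.

```python
import ipaddress
import struct

OPT, ECS, FORMERR = 41, 8, 1  # OPT RR type (RFC 6891), ECS option code (RFC 7871), rcode 1

def ecs_option(subnet):
    """Encode ECS: family, source prefix length, scope 0, address cut to the prefix."""
    net = ipaddress.ip_network(subnet)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS, len(body)) + body

def build_probe(qname, subnet, qid=0x1234):
    """Build an A query for qname whose OPT record carries the ECS option."""
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels)
    question += b"\x00" + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN
    rdata = ecs_option(subnet)
    # OPT RR: root name, type 41, class = UDP size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)       # one question, one additional
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:                           # compression pointer
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Assumed verdicts: 'ecs-aware', 'no-ecs', or 'broken' (no reply, FORMERR, garbage)."""
    try:
        _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        if flags & 0xF == FORMERR:
            return "broken"
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
            pos = 0
            while rtype == OPT and pos + 4 <= len(rdata):     # walk EDNS options
                code, length = struct.unpack("!HH", rdata[pos:pos + 4])
                if code == ECS:
                    return "ecs-aware"
                pos += 4 + length
    except (TypeError, struct.error, IndexError):             # None, short or malformed reply
        return "broken"
    return "no-ecs"
```

A server that never answers the probe is represented here by passing `None` to `classify`; a resolver that white-lists ECS would send the option only to servers that come back "ecs-aware".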




