[dns-operations] Nameserver responses from different IP than destination of request

Thomas Mieslinger miesi at mail.com
Mon Aug 31 07:40:31 UTC 2020


On 8/29/20 5:50 PM, Paul Hoffman wrote:
> On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations <dns-operations at dns-oarc.net> wrote:
>> We would be interested in hearing other operator's experience here.
>> Are recursive servers seeing similar behavior from authoritative
>> servers? If yes, are you discarding these responses?
>> Are there authoritative server operators who still need the
>> flexibility afforded by RFC 1035?
>
> Please note that Puneet was asking for other operators' experiences, not the opinions of those of us who believe we should tell Google what to do. (And, yes, I certainly put myself in the latter category.) I, too, would like to hear if other resolver operators see this, and if possible to what extent they are seeing it, and if we're really lucky to hear at least a few names for which this is happening. The latter is not to name-and-shame, but instead to be able to talk to the authoritative operators about what their configuration is so that we can maybe guide others away from this path.

At my employer we discard this kind of response. We could analyze how
often we see them but we wait until someone calls customer care for "DNS
not working".

To me this is similar to the endless discussion around "why can't I use
a CNAME in MX or NS".

RFC 2181 is pretty clear about NS/MX or "Server Reply Source Address
Selection" and I don't see a reason why I should risk the stability of
my systems to make it work for a small fraction of the internet.

Just my 5¢

Thomas
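
The resolver-side check discussed in this thread, as an added example that is not part of the original message or taken from any resolver's code: a reply is accepted only if it arrives from the address and port the query was sent to and echoes the query's ID and question, and every discarded reply is counted by reason so the extent of the behavior can be measured. The names `build`, `parse` and `ReplyFilter`, and any addresses or messages passed to them, are constructed for illustration.

```python
import struct
from collections import Counter

def build(mid, name, response=False, qtype=1):
    """Build a minimal one-question DNS message (constructed sample input)."""
    qname = b"".join(bytes([len(l)]) + l for l in name.encode().split(b".")) + b"\0"
    flags = 0x8000 if response else 0x0100           # QR bit for replies, RD for queries
    return struct.pack("!6H", mid, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse(msg):
    """Return (id, is_response, question); raise ValueError/struct.error if malformed."""
    mid, flags, qdcount = struct.unpack("!3H", msg[:6])
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):          # no compression in a question name
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + n])
        pos += 1 + n
    if qdcount != 1 or len(msg) < pos + 5:
        raise ValueError("bad question")
    qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
    return mid, bool(flags & 0x8000), (b".".join(labels), qtype, qclass)

class ReplyFilter:
    def __init__(self):
        self.pending = {}         # (local_port, id) -> (server (ip, port), question)
        self.stats = Counter()    # verdict -> count

    def sent(self, local_port, server, query):
        mid, _, question = parse(query)
        self.pending[(local_port, mid)] = (server, question)

    def received(self, local_port, source, reply):
        try:
            mid, is_response, question = parse(reply)
            entry = self.pending.get((local_port, mid))
        except (ValueError, struct.error):
            verdict = "malformed"
        else:
            if not is_response or entry is None or entry[1] != question:
                verdict = "unsolicited"
            elif entry[0] != source:
                verdict = "wrong_source"              # discard; keep waiting for the real server
            else:
                verdict = "accept"
                del self.pending[(local_port, mid)]
        self.stats[verdict] += 1
        return verdict
```

A `wrong_source` reply leaves the pending entry in place, so a later reply from the queried address is still accepted, and `stats` gives the per-reason counts.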



