[dns-operations] [Ext] Nameserver responses from different IP than destination of request

[Paul Hoffman]

On Aug 31, 2020, at 12:40 AM, Thomas Mieslinger <miesi at mail.com> wrote:
> 
> On 8/29/20 5:50 PM, Paul Hoffman wrote:
>> On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations <dns-operations at dns-oarc.net> wrote:
>>> We would be interested in hearing other operator's experience here.
>>> Are recursive servers seeing similar behavior from authoritative
>>> servers? If yes, are you discarding these responses?
>>> Are there authoritative server operators who still need the
>>> flexibility afforded by RFC 1035?
>> 
>> Please note that Puneet was asking for other operators' experiences, not the opinions of those of us who believe we should tell Google what to do. (And, yes, I certainly put myself in the latter category.) I, too, would like to hear if other resolver operators see this, and if possible to what extent they are seeing it, and if we're really lucky to hear at least a few names for which this is happening. The latter is not to name-and-shame, but instead to be able to talk to the authoritative operators about what their configuration is so that we can maybe guide others away from this path.
> 
> At my employer we discard this kind of responses. We could analyze how
> often we see them but we wait until someone calls customer care for "DNS
> not working".

A percentage of responses would be great, as would the percentage of the authoritative servers doing this. And, yes, I totally get that I'm asking you to do work that you don't need to do because the customers aren't calling.

--Paul Hoffman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3935 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200831/18be85f2/attachment.bin>