[Ext] [dns-operations] Nameserver responses from different IP than destination of request

Puneet Sood puneets at google.com
Mon Aug 31 16:44:58 UTC 2020

On Sat, Aug 29, 2020 at 11:50 AM Paul Hoffman <paul.hoffman at icann.org> wrote:
> On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations <dns-operations at dns-oarc.net> wrote:
> > We would be interested in hearing other operator's experience here.
> > Are recursive servers seeing similar behavior from authoritative
> > servers? If yes, are you discarding these responses?
> > Are there authoritative server operators who still need the
> > flexibility afforded by RFC 1035?
> Please note that Puneet was asking for other operators' experiences, not the opinions of those of us who believe we should tell Google what to do. (And, yes, I certainly put myself in the latter category.) I, too, would like to hear if other resolver operators see this, and if possible to what extent they are seeing it, and if we're really lucky to hear at least a few names for which this is happening. The latter is not to name-and-shame, but instead to be able to talk to the authoritative operators about what their configuration is so that we can maybe guide others away from this path.

Paul is right. We do plan to close this oversight in our
request/response validation. Before doing that we wanted to see how
prevalent it is and not cause unnecessary breakage.


> --Paul Hoffman

More information about the dns-operations mailing list