[dns-operations] Check DNS-anycast-instances for same DNS Cookie

Arsen STASIC arsen.stasic at univie.ac.at
Fri Jan 24 10:36:08 UTC 2020


Hi,

This software might be of interest for DNS anycast providers (or customers) which are running BIND.
With BIND 9.11 and newer, DNS Cookies are enabled **automatically**.

I was searching for software to check DNS Cookies and didn't find anything.
Therefore I wrote this small Perl script to check DNS anycast instances (over their mgmt-ip) for synchronized DNS Cookies:
https://github.com/stasic/dns-cookies/

If DNS Cookies are not the same between different DNS anycast instances, it may cause warnings and intermittent query retries. Therefore I suggest either synchronizing them or disabling them.

ISC addressed this issue in their knowledge base:
https://kb.isc.org/docs/dns-cookies-on-servers-in-anycast-clusters

happy cookie gathering
Arsen