On 21/10/2022 14:04, Hugo Salgado wrote:
But wasn't it exactly the idea with the 2019 DNS Flag Day campaign?
http://www.dnsflagday.net/2019/
I see Google's name there, so I would expect their commitment to refuse
to solve incorrect domains. They do a skinny favor to all the Internet
by returning to the workarounds, and blaming those who do well (as
Bind 9.18)
I wouldn't blame Google so quickly. The servers we're discussing in this
thread return FORMERR when the query has the COOKIE or NSID options. DNS
cookies are recommended (RFC uses "should") rather than mandated. Now,
if the Google resolver simply isn't sending these options, then it is
not affected. Similarly, a resolver like Unbound (which as far as I know
doesn't send cookies yet), will also not be affected.
While DNS cookies are not mandatory, it's not fair to point a finger at
a resolver that doesn't use this feature yet.
Regards,
Anand
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
