Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-23 Thread Sandro
On 23-10-2022 01:18, Crist Clark wrote: On Sat, Oct 22, 2022 at 3:20 PM Sandro wrote: [snip] Doing favors for the better good does not seem to be in their dictionary. Look at DNSSEC. Do you mean signing their domains or their public resolver services? I was referring to signing their

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-22 Thread Crist Clark
On Sat, Oct 22, 2022 at 3:20 PM Sandro wrote: [snip] > Doing favors for the better good does not seem to be in their > dictionary. Look at DNSSEC. > Do you mean signing their domains or their public resolver services? https://developers.google.com/speed/public-dns/faq Does Google Public DNS

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-22 Thread Sandro
On 21-10-2022 16:53, Ondřej Surý wrote: there are two layers- Google certainly doesn’t do anything wrong, but they would do a world a favor if there was a stronger push towards compliance with DNS protocol. That's the conundrum with big tech. If it serves them well, they will force others to

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Ondřej Surý
Anand, there are two layers- Google certainly doesn’t do anything wrong, but they would do a world a favor if there was a stronger push towards compliance with DNS protocol. On the authoritative side - it’s certainly true that neither DNS Cookies nor NSID is mandatory, but the part that is

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Andreas S. Kerber
Am Fri, Oct 21, 2022 at 01:21:36PM +0200 schrieb Borja Marcos: > But tell your customer that their email message didn’t arrive on time because > the recipient has a misconfigured DNS server and > try to explain to them that, yes, Google resolved it successfully but you are > working for the

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Anand Buddhdev
On 21/10/2022 14:04, Hugo Salgado wrote: But wasn't it exactly the idea with the 2019 DNS Flag Day campaign? http://www.dnsflagday.net/2019/ I see Google's name there, so I would expect their commitment to refuse to solve incorrect domains. They do a skinny favor to all the Internet by

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Hugo Salgado
> > On 21 Oct 2022, at 12:23, Ondřej Surý wrote: > > > > What you are really saying that we should dance how tech giants whistle, > > and I don’t think succumbing to tech giants is a good strategy long term. > > Not at all and I agree with you. > > But tell your customer that their email

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Borja Marcos
> On 21 Oct 2022, at 12:23, Ondřej Surý wrote: > > What you are really saying that we should dance how tech giants whistle, and > I don’t think succumbing to tech giants is a good strategy long term. Not at all and I agree with you. But tell your customer that their email message didn’t

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Ondřej Surý
What you are really saying that we should dance how tech giants whistle, and I don’t think succumbing to tech giants is a good strategy long term. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Borja Marcos
> On 21 Oct 2022, at 03:51, Mark Andrews wrote: > >> >> Of course I would prefer to upgrade back to 9.18.X, but I guess I won't be able to find all EDNS0 incompatible servers and loosing customers to 8.8.8.8 - which is able to resolve these names.. >>> This is kind of moot

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-20 Thread Mark Andrews
> On 20 Oct 2022, at 22:49, Andreas S. Kerber wrote: > > Am Thu, Oct 20, 2022 at 01:23:47PM +0200 schrieb Ondřej Surý: >> did you try writing to elbrev.com operators to fix >> their servers to stop breaking DNS protocol? It often helps. (I'm ccing the >> contact in their

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-20 Thread Ondřej Surý
https://bind9.readthedocs.io/en/v9_18_8/chapter9.html?highlight=cookie -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 20. 10. 2022, at 13:49, Andreas S. Kerber

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-20 Thread Andreas S. Kerber
Am Thu, Oct 20, 2022 at 01:23:47PM +0200 schrieb Ondřej Surý: > did you try writing to elbrev.com operators to fix their > servers to stop breaking DNS protocol? It often helps. (I'm ccing the contact > in their SOA records, so let's see if anything happens.) > > It's not

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-20 Thread Ondřej Surý
Hi, did you try writing to elbrev.com operators to fix their servers to stop breaking DNS protocol? It often helps. (I'm ccing the contact in their SOA records, so let's see if anything happens.) It's not lack of EDNS0 support, but they fail to properly process unknown

FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-20 Thread Andreas S. Kerber
I've just finished upgrading our last resolver from 9.16 to 9.18.8 a few days ago. As it turn out a number of zones are no longer resolveable with 9.18. Some nameservers out there don't seem to support EDNS0 and the number of FORMERR responses in our resolver logs went up quite a bit. Here's