Anyone know of any resolvers that suffer horribly and die when presented with an NS host which is AAAA-only?
Since turning on RRL, I'm seeing a few different netblocks hit rate-limits for "nlns6.globnix.net IN A". Frankly, I'm happy to limit my responses to buggy clients which chew my bandwidth (another win for RRL), but am wondering if anyone knows if there's some particular software at fault? I doubt that a small NOERROR response is a deliberate amplification attack, so bug seems more likely. Thanks, -Phil (nlns.globnix.net has nlns4 and nlns6, and all three are available as NS glue, and this is deliberate; most of my zones are now using dual-stacked hostnames, but years ago when I set this approach up, I was concerned by buggy IPv4-only hosts which would barf if all resolvers were dual-stacked. I'm keeping these around, in part for a friend who has an experiment with an IPv6-only-NS domain.) _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
