> On 31 Oct 2019, at 12:02 am, Bob Harold <[email protected]> wrote: > > > On Tue, Oct 29, 2019 at 9:07 PM Paul Vixie <[email protected]> wrote: > > > Mark Andrews wrote on 2019-10-27 19:24: > > ... > > > > BIND tried to fix named to reject AA=0 from authoritative servers a > > few years back but pandora.tv was returning AA=0 from all servers at > > the time and we had to back the change out. We still want to make > > that change. > > please consider making this a config option so that those of us who are > willing to endure outages for nonconforming domains can turn it on. it > could even become part of some annual so-called dns flag day. > > -- > P Vixie > > I agree. > > But if someone thinks that is too drastic, would it be reasonable to make a > config option, plus an exception list? Then someone could make exceptions > for the known cases, but break any new cases, to avoid this problem getting > any worse. > > -- > Bob Harold >
First thing is to get Google, Cloudflare etc. on board. “But it works using 8.8.8.8 or 1.1.1.1” etc. is the biggest problem with actually being able to deploy fixes. The second problem is being able to contact the server administrators. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
