On Wed, Oct 30, 2019 at 11:30 PM Mark Andrews <[email protected]> wrote:
> > On 31 Oct 2019, at 12:02 am, Bob Harold <[email protected]> wrote:
> > On Tue, Oct 29, 2019 at 9:07 PM Paul Vixie <[email protected]> wrote:
> > Mark Andrews wrote on 2019-10-27 19:24:
> > > ...
> > >
> > > BIND tried to fix named to reject AA=0 from authoritative servers a
> > > few years back but pandora.tv was returning AA=0 from all servers at
> > > the time and we had to back the change out. We still want to make
> > > that change.
> >
> > please consider making this a config option so that those of us who are
> > willing to endure outages for nonconforming domains can turn it on. it
> > could even become part of some annual so-called dns flag day.
> >
> > --
> > P Vixie
> >
> > I agree.
> >
> > But if someone thinks that is too drastic, would it be reasonable to make a
> > config option, plus an exception list? Then someone could make exceptions
> > for the known cases, but break any new cases, to avoid this problem getting
> > any worse.
> >
> > --
> > Bob Harold
>
> First thing is to get Google, Cloudflare etc. on board. “But it works using
> 8.8.8.8 or 1.1.1.1” etc. is the biggest problem with actually being able to
> deploy fixes. The second problem is being able to contact the server
> administrators.

For y'all's information, PowerDNS Recursor rejects non-AA responses. It
used to accept them until, I believe, earlier this year. They're tracking
broken zones in an issue:

<https://github.com/PowerDNS/pdns/issues/8150>

--
Matt Nordhoff
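
The policy discussed in this thread (reject AA=0 answers from authoritative servers, behind a config option, with an exception list for known-broken zones), sketched as an added example; it is not code from BIND, PowerDNS Recursor or any participant. The function names, the `strict_aa` switch, the exception-list format and the sample packets are assumptions, and the check is applied only to responses that carry answer records, since referrals have AA=0 by design.

```python
import struct

# Hypothetical operator-maintained exception list; pandora.tv is the zone named in the thread.
AA_EXCEPTIONS = frozenset({"pandora.tv"})

def build_response(qname, aa, ancount=1):
    """Constructed sample: a DNS response with one question and `ancount` A records."""
    flags = 0x8000 | (0x0400 if aa else 0)            # QR=1; AA is bit 10 (0x0400)
    msg = struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)
    for label in qname.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", 1, 1)         # root label, QTYPE=A, QCLASS=IN
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return msg + rr * ancount

def parse_response(msg):
    """Return (flags, ancount, qname) from the header and the first question."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):              # no compression in a question name
            raise ValueError("bad label in question name")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    return flags, ancount, ".".join(labels)

def accept_response(msg, strict_aa=True, exceptions=AA_EXCEPTIONS):
    """Decide whether to use a response from a server we queried as authoritative."""
    flags, ancount, qname = parse_response(msg)
    if not flags & 0x8000:
        return False, "not a response (QR=0)"
    if not strict_aa or flags & 0x0400:
        return True, "ok"
    if ancount == 0:                                  # referrals carry AA=0 by design
        return True, "no answer records; AA check not applied"
    if any(qname == z or qname.endswith("." + z) for z in exceptions):
        return True, "AA=0 tolerated: exception list"
    return False, "AA=0 answer from authoritative server"
```

With `strict_aa=False` every response is accepted as before, which corresponds to the behaviour BIND reverted to in the thread.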
