On 8/29/20 5:50 PM, Paul Hoffman wrote:
On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations
<[email protected]> wrote:
We would be interested in hearing other operator's experience here.
Are recursive servers seeing similar behavior from authoritative
servers? If yes, are you discarding these responses?
Are there authoritative server operators who still need the
flexibility afforded by RFC 1035?
Please note that Puneet was asking for other operators' experiences, not the
opinions of those of us who believe we should tell Google what to do. (And,
yes, I certainly put myself in the latter category.) I, too, would like to hear
if other resolver operators see this, and if possible to what extent they are
seeing it, and if we're really lucky to hear at least a few names for which
this is happening. The latter is not to name-and-shame, but instead to be able
to talk to the authoritative operators about what their configuration is so
that we can maybe guide others away from this path.
At my employer we discard this kind of responses. We could analyze how
often we see them but we wait until someone calls customer care for "DNS
not working".
To me this is similar to the endless discussion around "why can't I use
a cname in MX or NS".
RFC2181 is pretty clear about NS/MX or "Server Reply Source Address
Selection" and I don't see a reason why I should risk the stability of
my systems to make it work for a small fraction of the internet.
Just my 5ยข
Thomas
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
