* Warren Kumari:

> On Mon, Aug 31, 2020 at 2:11 PM Florian Weimer <[email protected]> wrote:
>>
>> * Puneet Sood via dns-operations:
>>
>> > We would be interested in hearing other operator's experience here.
>> > Are recursive servers seeing similar behavior from authoritative
>> > servers? If yes, are you discarding these responses?
>> > Are there authoritative server operators who still need the
>> > flexibility afforded by RFC 1035?
>>
>> If I recall correctly, while helping to run an academic network I
>> encountered this issue on the authoritative server side. That was
>> close to twenty years ago, and even back then, it did not occur to us
>> to push the resolvers to accept these incorrectly sourced responses,
>> instead of getting the authoritative server operator to fix their
>> setup.
>
> The bit that I'm failing to understand is why these continue to exist
> -- if everyone (or, everyone other than Google) are ignoring /
> dropping these, how / why are they still on the Internet? Is it just
> the $whatever are sending these are always deployed next to something
> that ain't broke and the operator just hasn't noticed?
> Or are perhaps more things accepting these than we expect?

If such problems exist, they might not occur consistently for all
source addresses. A subset of client addresses can route the response
in such a way that the expected source address is produced on the
public Internet.

Or the affected zones have other name servers that hide the problem
until you start looking for it.

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
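
Added example, not part of the original thread: a sketch of how a survey could separate the two cases described in the reply above (a server whose reply source depends on the client address, and a zone whose other name servers hide the problem). The record format, the status labels and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed probe records using documentation address ranges (not real data):
# (zone, server address queried, probing client address, source address of the reply)
OBSERVATIONS = [
    ("example.org", "192.0.2.1", "198.51.100.10", "192.0.2.1"),
    ("example.org", "192.0.2.1", "203.0.113.10", "192.0.2.1"),
    ("example.org", "192.0.2.2", "198.51.100.10", "192.0.2.99"),
    ("example.org", "192.0.2.2", "203.0.113.10", "192.0.2.99"),
    ("example.net", "192.0.2.3", "198.51.100.10", "192.0.2.3"),
    ("example.net", "192.0.2.3", "203.0.113.10", "192.0.2.77"),
    ("example.com", "192.0.2.4", "198.51.100.10", "192.0.2.4"),
]


def server_status(observations):
    """Classify each (zone, server) by whether replies come from the queried address."""
    seen = defaultdict(set)
    for zone, server, _client, reply_src in observations:
        seen[(zone, server)].add(reply_src == server)
    status = {}
    for key, matches in seen.items():
        if matches == {True}:
            status[key] = "ok"
        elif matches == {False}:
            status[key] = "mismatch"
        else:
            status[key] = "inconsistent"  # outcome depends on the client address
    return status


def zone_status(observations):
    """Roll server results up per zone; 'masked' means a working server hides a bad one."""
    per_zone = defaultdict(list)
    for (zone, _server), state in server_status(observations).items():
        per_zone[zone].append(state)
    result = {}
    for zone, states in per_zone.items():
        if all(s == "ok" for s in states):
            result[zone] = "healthy"
        elif any(s == "ok" for s in states):
            result[zone] = "masked"
        else:
            result[zone] = "affected"
    return result


if __name__ == "__main__":
    print(zone_status(OBSERVATIONS))
```

A zone reported as "masked" still resolves through its working server, which is why probing every listed server from more than one client address is needed to see the mismatch at all.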
