On Mon, 3 Jun 2013, Frank Bulk (iname.com) wrote:
I have asked why they just didn't remove the AAAA while troubleshooting.
.... or just give RST to any TCP connection to that specific IP.
DNS might be hard for a "network engineer" to have changed. Returning RST
should be a lot easier to accomplish. I have successfully had a "bad
behaviour" website implement this. They had fully working TCP/80, but they
did not have fully working HTTPS (TCP/443), and were giving a "we don't
support secure login over IPv6" page there. So after a few months I
suggested via back channels that they just give RST on 443 instead, and
all browsers I could test with promptly fell back to IPv4 for TCP/443
communication.
--
Mikael Abrahamsson email: [email protected]
