From Qwest/CL: "we are aware of the issue and expect this to be resolved next month."
> > Yes please. > >> On 13 Sep 2018, at 2:45 am, Anne P. Mitchell, Esq. <[email protected]> >> wrote: >> >> >> Would you like us to send this to our Qwest/CenturyLink contact? >> >> Anne P. Mitchell, >> Attorney at Law >> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant >> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) >> Legislative Consultant >> CEO/President, Institute for Social Internet Public Policy >> Legal Counsel: The CyberGreen Institute >> Legal Counsel: The Earth Law Center >> Member, California Bar Association >> Member, Cal. Bar Cyberspace Law Committee >> Member, Colorado Cyber Committee >> Member, Board of Directors, Asilomar Microcomputer Workshop >> Ret. Professor of Law, Lincoln Law School of San Jose >> Ret. Chair, Asilomar Microcomputer Workshop >> >> >> >>> >>> I know it takes some time to upgrade DNS servers to ones that are actually >>> protocol compliant but 4+ years is ridiculous. Your servers are the only >>> ones serving the Alexa top 1M sites or the GOV zone that still return >>> BADVERS >>> to EDNS queries with a EDNS option present. This was behaviour made up by >>> your DNS vendor. The correct response to EDNS options that are not >>> understood >>> is to IGNORE them. This allows clients and servers to deploy support for >>> new options independently of each other. >>> >>> Additionally this is breaking DNSSEC validation of the signed zones your >>> clients >>> have you serving. They expect you to be using EDNS compliant name servers >>> for >>> this role which you are not. No, we are not working around this breakage >>> in the >>> resolver. >>> >>> Mark >>> >>> % dig soa frc.gov. @208.44.130.121 +norec >>> >>> ; <<>> DiG 9.12.1 <<>> soa frc.gov. @208.44.130.121 +norec >>> ;; global options: +cmd >>> ;; Got answer: >>> ;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 59707 >>> ;; flags: qr ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >>> >>> ;; OPT PSEUDOSECTION: >>> ; EDNS: version: 0, flags:; udp: 4096 >>> ;; Query time: 66 msec >>> ;; SERVER: 208.44.130.121#53(208.44.130.121) >>> ;; WHEN: Tue Sep 11 06:08:41 UTC 2018 >>> ;; MSG SIZE rcvd: 23 >>> >>> % dig soa frc.gov. @208.44.130.121 +norec +nocookie >>> >>> ; <<>> DiG 9.12.1 <<>> soa frc.gov. @208.44.130.121 +norec +nocookie >>> ;; global options: +cmd >>> ;; Got answer: >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16876 >>> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 >>> >>> ;; OPT PSEUDOSECTION: >>> ; EDNS: version: 0, flags:; udp: 4096 >>> ;; QUESTION SECTION: >>> ;frc.gov. IN SOA >>> >>> ;; ANSWER SECTION: >>> frc.gov. 86400 IN SOA sauthns2.qwest.net. >>> dns-admin.qwestip.net. 2180320527 10800 3600 604800 86400 >>> >>> ;; AUTHORITY SECTION: >>> frc.gov. 86400 IN NS sauthns1.qwest.net. >>> frc.gov. 86400 IN NS sauthns2.qwest.net. >>> >>> ;; Query time: 66 msec >>> ;; SERVER: 208.44.130.121#53(208.44.130.121) >>> ;; WHEN: Tue Sep 11 06:19:33 UTC 2018 >>> ;; MSG SIZE rcvd: 145 >>> >>> % grep ednsopt=badvers reports/alexa1m.2018-08-26T00:00:06Z | grep edns=ok >>> | awk '{print $3}' | sort -u >>> (sauthns1.qwest.net.): >>> (sauthns2.qwest.net.): >>> % grep ednsopt=badvers reports-full/gov-full.2018-09-11T00:00:06Z | grep >>> edns=ok | awk '{print $3}' | sort -u >>> (sauthns1.qwest.net.): >>> (sauthns2.qwest.net.): >>> % >>> >>> -- >>> Mark Andrews, ISC >>> 1 Seymour St., Dundas Valley, NSW 2117, Australia >>> PHONE: +61 2 9871 4742 INTERNET: [email protected] >>> >> >> > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] >
