Re: Question about expected recursive resolver behavior

[Sarah Newman]

On 4/23/20 12:41 PM, Chuck Aurora wrote:

On 2020-04-23 14:16, Sarah Newman wrote:

What should happen when for a given domain:

- The domain resolves via TCP but not UDP - UDP for this domain had no
response at all.
- That authoritative nameserver hosts other domains, and those domains
resolve via UDP.


Do you have an example for this?  I don't get the "no response on UDP"
part.  If the same nameserver is answering other queries on UDP, why
wouldn't at least send a REFUSED reply?

Perhaps REFUSED has been disabled somehow; that could be tested by
querying it for other non-hosted zones,

dig @ ns isc.org.


Here is my example, but it's been fixed now:

https://prgmr.com/blog/2020/04/23/debugging-freebsd-resolution-failure.html

REFUSED hasn't been disabled.

I bring this up because we had customers complaining about our resolvers not 
working and I don't know if we could/should have done better.

--Sarah
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Question about expected recursive resolver behavior

[Sarah Newman]

What should happen when for a given domain:

- The domain resolves via TCP but not UDP - UDP for this domain had no response 
at all.
- That authoritative nameserver hosts other domains, and those domains resolve 
via UDP.

I found 
https://www.isc.org/blogs/refinements-to-edns-fallback-behavior-can-cause-different-outcomes-in-recursive-servers/
but I'm not sure if this case is covered or not.

--Sarah
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users