RE: Enforce EDNS

> -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark > Andrews > Sent: Tuesday, February 07, 2017 4:32 PM > To: Reindl Harald <h.rei...@thelounge.net> > Cc: bind-us...@isc.org > Subject: Re: Enforce EDNS > > >

Re: Enforce EDNS

In message <4b0243b1-1c89-023b-f3f3-7279216d5...@thelounge.net>, Reindl Harald writes: > > > Am 07.02.2017 um 22:11 schrieb Mark Andrews: > > In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Har > ald wr > > ites: > >>> Break them. That's the only way it will eventually

Re: Enforce EDNS

On 2/7/17 3:11 PM, Mark Andrews wrote: >>> Break them. That's the only way it will eventually get fixed >> >> if things would be that easy >> >> the admins of the broken servers ar the very last which are affected, >> admins with a recent named have to bite the bullet of user terror and >>

Re: Enforce EDNS

Am 07.02.2017 um 22:11 schrieb Mark Andrews: In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Harald wr ites: Break them. That's the only way it will eventually get fixed if things would be that easy the admins of the broken servers ar the very last which are

Re: Enforce EDNS

In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Harald wr ites: > > > Am 07.02.2017 um 18:13 schrieb Chuck Anderson: > > On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote: > >> I really don't want to add new automatic work arounds for broken > >> servers but

Re: Enforce EDNS

From: Matthew Pounsett > I fully support breaking resolution for such servers. I'd rather > have a hard failure on my end that I can investigate, and work > around if necessary, than have my server wasting cycles trying to > guess what sort of broken state there is on the

Re: Enforce EDNS

Am 07.02.2017 um 18:13 schrieb Chuck Anderson: On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote: I really don't want to add new automatic work arounds for broken servers but it requires people being willing to accepting that lookups will fail. That manual work arounds will now

Re: Enforce EDNS

On 6 February 2017 at 19:59, Mark Andrews wrote: > > Unfortunately we then need to decide what to do with servers that > don't answer EDNS + DNS COOKIE queries. Currently we fall back to > plain DNS which works except when there is a signed zone involved > and the server is

Re: Enforce EDNS

On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote: > I really don't want to add new automatic work arounds for broken > servers but it requires people being willing to accepting that > lookups will fail. That manual work arounds will now have to > be done. e.g. "server ... {

Re: Enforce EDNS

In message , Daniel Stirnimann writes: Hello all, Our resolver failed to contact an upstream name server as a result of network connectivity issues. named retries eventually worked but as it reverted back to not using EDNS and the answer should

Re: Enforce EDNS

Hi there, On Tue, 7 Feb 2017, Mark Andrews wrote: I really don't want to add new automatic work arounds for broken servers but it requires people being willing to accepting that lookups will fail. That manual work arounds will now have to be done. e.g. "server ... { send-cookie no; };" +2

Re: Enforce EDNS

> Named doesn't have a switch to force EDNS though I suppose we could > add one to 9.12. e.g. server ... { edns force; }; I would find this useful. > I really don't want to add new automatic work arounds for broken > servers but it requires people being willing to accepting that > lookups will

Re: Enforce EDNS

In message , Daniel Stirnimann writes: > Hello all, > > Our resolver failed to contact an upstream name server as a result of > network connectivity issues. named retries eventually worked but as it > reverted back to not using EDNS and the answer