Am 06.05.22 um 12:24 schrieb Ted Mittelstaedt:
On 5/6/2022 12:45 AM, Reindl Harald wrote:
in the past our CISCO ISP router with "DNS ALG" even rewrote zone
transfers and invented a zero TTL for each and every CNAME it saw
Probably doing that to retaliate for dynamic DNS providers
> On 6. 5. 2022, at 12:24, Ted Mittelstaedt wrote:
>
> You got caught in the crossfire of that particular war.
Nah, it was just crappy implementation and somebody at Cisco not understanding
the RFC. I remember that - at my previous job we had a ticket opened with them
about this particular
On 5/6/2022 12:45 AM, Reindl Harald wrote:
in the past our CISCO ISP router with "DNS ALG" even rewrote zone
transfers and invented a zero TTL for each and every CNAME it saw
Probably doing that to retaliate for dynamic DNS providers abusing DNS
and people abusing dynamic DNS
On 5/5/2022 11:19 PM, Bjørn Mork wrote:
Mark Andrews writes:
How about configuring forwarder(s) if you have to operate a resolver in
such an environment? Hoping that the answer from the intercepting
server isn't too different from what you'd expect from a forwarder.
In my environment,
Am 06.05.22 um 08:19 schrieb Bjørn Mork:
Mark Andrews writes:
It’s a long known issue with so called “Transparent” DNS
proxies/accelerators/firewalls. Iterative resolvers expect to talk to
authoritative servers. They ask questions differently to the way they
do when they talk to a
> On 6. 5. 2022, at 8:19, Bjørn Mork wrote:
>
> How about configuring forwarder(s) if you have to operate a resolver in
> such an environment? Hoping that the answer from the intercepting
> server isn't too different from what you'd expect from a forwarder.
I would personally go with VPN as a
Mark Andrews writes:
> It’s a long known issue with so called “Transparent” DNS
> proxies/accelerators/firewalls. Iterative resolvers expect to talk to
> authoritative servers. They ask questions differently to the way they
> do when they talk to a recursive server. Answers from different
>
It’s a long known issue with so called “Transparent” DNS
proxies/accelerators/firewalls. Iterative resolvers expect to talk to
authoritative servers. They ask questions differently to the way they do when
they talk to a recursive server. Answers from different levels of the DNS
hierarchy
Thought I would document this in case anyone else gets bit by it
I have several nameservers and other servers on a Comcast copper
connection (cable internet) in the office using a Technicolor Business
Router CGA4131COM modem. This is Comcast's de-facto standard modem as
of 2022 for
9 matches
Mail list logo