Thankfully cdc.gov is also served by auth00.ns.uu.net and auth100.ns.uu.net
and they aren’t serving a incomplete version of akam.cdc.gov. Recursive
servers will eventually get a valid referral rather than bogus (unsigned)
answers from ns[123].cdc.gov for akam.cdc.gov.
Mark
> On 1 Sep 2020, at
On Tue, Sep 01, 2020 at 01:36:49AM +, Paul Hoffman wrote:
> On Aug 31, 2020, at 6:02 PM, Brian Dickson
> wrote:
> > I think the only way to get meaningful data would be an active experiment,
> > involving an authority server (or set of servers) for a domain set up just
> > this way.
>
> We
On Aug 31, 2020, at 6:02 PM, Brian Dickson
wrote:
> I think the only way to get meaningful data would be an active experiment,
> involving an authority server (or set of servers) for a domain set up just
> this way.
We disagree. Another way to get meaningful data would be from someone's logs,
On Mon, Aug 31, 2020 at 08:00:00PM +0200, Florian Weimer wrote:
> * Puneet Sood via dns-operations:
>
> > We would be interested in hearing other operator's experience here.
> > Are recursive servers seeing similar behavior from authoritative
> > servers? If yes, are you discarding these
On Mon, Aug 31, 2020 at 5:09 PM Paul Hoffman wrote:
> On Aug 31, 2020, at 2:47 PM, Viktor Dukhovni
> wrote:
> >
> > Quite likely the domains that are completely broken (none of the
> > nameservers respond from the right IP) are simply parked, and nobody
> > cares whether they they actually work
On Tue, Sep 01, 2020 at 12:01:07AM +, Paul Hoffman wrote:
> On Aug 31, 2020, at 2:47 PM, Viktor Dukhovni wrote:
> >
> > Quite likely the domains that are completely broken (none of the
> > nameservers respond from the right IP) are simply parked, and nobody
> > cares whether they they
On Aug 31, 2020, at 2:47 PM, Viktor Dukhovni wrote:
>
> Quite likely the domains that are completely broken (none of the
> nameservers respond from the right IP) are simply parked, and nobody
> cares whether they they actually work or not.
>
> The only reason you're seeing queries for them may
On Mon, Aug 31, 2020 at 02:19:08PM -0400, Warren Kumari wrote:
> The bit that I'm failing to understand is why these continue to exist
> -- if everyone (or, everyone other than Google) are ignoring /
> dropping these, how / why are they still on the Internet? Is it just
> the $whatever are
* Warren Kumari:
> On Mon, Aug 31, 2020 at 2:11 PM Florian Weimer wrote:
>>
>> * Puneet Sood via dns-operations:
>>
>> > We would be interested in hearing other operator's experience here.
>> > Are recursive servers seeing similar behavior from authoritative
>> > servers? If yes, are you
On 8/31/20 12:40 PM, Puneet Sood via dns-operations wrote:
> Is there an online tool that does mark up on RFCs to show which other
> RFCs are referring to specific sections in it?
I suspect you may find:
https://powerdns.org/dns-camel/
helpful here.
Keith
* Puneet Sood via dns-operations:
> We would be interested in hearing other operator's experience here.
> Are recursive servers seeing similar behavior from authoritative
> servers? If yes, are you discarding these responses?
> Are there authoritative server operators who still need the
>
--- Begin Message ---
On Sat, Aug 29, 2020 at 11:50 AM Paul Hoffman wrote:
>
> On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations
> wrote:
> > We would be interested in hearing other operator's experience here.
> > Are recursive servers seeing similar behavior from authoritative
> >
--- Begin Message ---
On Sat, Aug 29, 2020 at 12:18 AM Robert Edmonds wrote:
>
> Puneet Sood via dns-operations wrote:
> > RFC 1035 section 7.3 (https://tools.ietf.org/html/rfc1035)
> > Some name servers send their responses from different
> > addresses than the one used to receive the
In article you write:
>should tell Google what to do. (And, yes, I certainly put myself in the latter
>category.) I, too, would like to hear
>if other resolver operators see this, ...
Is there a summary anywhere of what common resolver software like bind
and unbound do? I use unbound, but when
On Mon, Aug 31, 2020 at 10:12:04PM +0900,
Yasuhiro Orange Morishita / 森下泰宏 wrote
a message of 18 lines which said:
> But it seems to be a little bit strange. The auth servers of cdc.gov
> zone serve unneed (and unsigned) akam.cdc.gov zone. But they still
> have DS RR for real akam.cdc.gov
On Aug 31, 2020, at 12:40 AM, Thomas Mieslinger wrote:
>
> On 8/29/20 5:50 PM, Paul Hoffman wrote:
>> On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations
>> wrote:
>>> We would be interested in hearing other operator's experience here.
>>> Are recursive servers seeing similar behavior
be a little bit strange. The auth servers of cdc.gov
> zone serve unneed (and unsigned) akam.cdc.gov zone. But they still
> have DS RR for real akam.cdc.gov zone.
>
> This is output of digs.
> <https://www.dropbox.com/s/alfb1ftvzpd6qcv/20200831-covid.cdc.gov.txt>
... and for those of
. But they still
have DS RR for real akam.cdc.gov zone.
This is output of digs.
<https://www.dropbox.com/s/alfb1ftvzpd6qcv/20200831-covid.cdc.gov.txt>
-- Orange
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/m
On 8/29/20 5:50 PM, Paul Hoffman wrote:
On Aug 28, 2020, at 3:24 PM, Puneet Sood via dns-operations
wrote:
We would be interested in hearing other operator's experience here.
Are recursive servers seeing similar behavior from authoritative
servers? If yes, are you discarding these responses?
19 matches
Mail list logo