Mark Andrews wrote:
>
> My bet is the DNS vendor has issued an update already and that it
> hasn't been applied.
$ fpdns sauthns1.qwest.net.
fingerprint (sauthns1.qwest.net., 63.150.72.5): NLnetLabs NSD 3.1.0 -- 3.2.8
[New Rules]
fingerprint (sauthns1.qwest.net., 2001:428:0:0:0:0:0:7): NLnetLabs
In message
, William Herrin writes:
> On Thu, Sep 15, 2016 at 7:30 PM, Mark Andrews wrote:
> > Then there is SPF. A fair portion of the reason why the SPF record
> > failed, despite it being architecturally cleaner than using TXT
> > records, is that some nameservers gave bad responses to SPF qu
In message <9442fcb1-e039-4edd-8a0f-f5f351bc9...@truenet.com>, Eric Tykwinski writes:
> Ironically, I always wondered why I was told not to publish SPF records,
> since it did make more sense to have both, and slowly remove the TXT
> records later. Thanks for the heads up…
>
> What do you thi
On Thu, Sep 15, 2016 at 7:30 PM, Mark Andrews wrote:
> Then there is SPF. A fair portion of the reason why the SPF record
> failed, despite it being architecturally cleaner than using TXT
> records, is that some nameservers gave bad responses to SPF queries.
Hi Mark,
I'm going to stop you there.
Ironically, I always wondered why I was told not to publish SPF records, since
it did make more sense to have both, and slowly remove the TXT records later.
Thanks for the heads up…
What do you think really is best practice now?
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
> On S
In message
, "Aaron C. de Bruyn" writes:
>
> On Thu, Sep 15, 2016 at 2:45 PM, Mark Andrews wrote:
> >
> > Aaron,
> > How am I supposed to know which DNS vendor to contact? DNS
> >
>
> Sorry--I should have added a /sarcasm tag. :)
>
>
> > The best way to get this fixed would be for n
On Thu, Sep 15, 2016 at 2:45 PM, Mark Andrews wrote:
>
> Aaron,
> How am I supposed to know which DNS vendor to contact? DNS
>
Sorry--I should have added a /sarcasm tag. :)
> The best way to get this fixed would be for nameservers to be checked
> for protocol compliance, by the parent
In message
, William Herrin writes:
> On Thu, Sep 15, 2016 at 12:22 PM, Aaron C. de Bruyn wrote:
> > On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews wrote:
> >> QWEST isn't the only DNS provider that has broken nameservers. One
> >> shouldn't have to try and contact every DNS operator to ge
On Thu, Sep 15, 2016 at 10:19 AM, wrote:
> Remember that Windows XP didn't enable IPv6 by default, and *still* has
> some 10% market share.
>
Yeah, I'm still fighting that battle.
https://goo.gl/photos/xFguK4FL2iydnLhE7
-A
On Thu, 15 Sep 2016 09:22:10 -0700, "Aaron C. de Bruyn" said:
> On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews wrote:
>
> > QWEST isn't the only DNS provider that has broken nameservers. One
> > shouldn't have to try and contact every DNS operator to get them to
> > use protocol compliant servers
On Thu, Sep 15, 2016 at 12:22 PM, Aaron C. de Bruyn wrote:
> On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews wrote:
>> QWEST isn't the only DNS provider that has broken nameservers. One
>> shouldn't have to try and contact every DNS operator to get them to
>> use protocol compliant servers.
>
> S
On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews wrote:
> QWEST isn't the only DNS provider that has broken nameservers. One
> shouldn't have to try and contact every DNS operator to get them to
> use protocol compliant servers.
>
Save yourself some time. Contact the DNS software vendors. ;)
-A
In case anyone is wondering why I've been harping on about EDNS
compliance this is why. Failure to follow the protocol can result
in DNS lookup failures. nara.gov is signed and the recursive server
performs DNSSEC validation and sends queries with DNS COOKIEs.
BADVERS is NOT a valid response to