On Mon, 2014-08-25 at 08:24 -0500, Dave Duchscher wrote: > Cloudflare's response: > > > Hey there, > > > > Because the DNS query "http://reddit.com"; is technically not valid (since > > DNS queries should not contain the protocol URI), CloudFlare's DNS servers > > will not respond to them.
That is what I would have predicted their response would have been. A broken client is making illegal DNS queries; that is the root cause of the difficulty. The fact that unbound itself doesn't return an error for these illegal queries is only making matters worse. Neither ':' nor '/' are legal DNS hostname characters (see RFC-1035 and onwards), so it should be the resolver library (i.e. unbound) that should be validating the query before sending it on, IMNSHO. The fact that reddit.com has an unfriendly behavior WRT illegal queries doesn't mean it is their fault; there is no requirement to return NXDOMAIN or SERVFAIL or anything at all, so they chose to drop the query. John -- JOHN PEACOCK senior software build and release engineer www.messagesystems.com twitter @MessageSystems tel 410-872-4910 x239 email [email protected] _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
