FORMERR responses after upgrading resolver from 9.16 to 9.18.8
Anand Buddhdev
anandb at ripe.net
Fri Oct 21 12:26:27 UTC 2022
On 21/10/2022 14:04, Hugo Salgado wrote:
> But wasn't it exactly the idea with the 2019 DNS Flag Day campaign?
> http://www.dnsflagday.net/2019/
>
> I see Google's name there, so I would expect their commitment to refuse
> to solve incorrect domains. They do a skinny favor to all the Internet
> by returning to the workarounds, and blaming those who do well (as
> Bind 9.18)
I wouldn't blame Google so quickly. The servers we're discussing in this
thread return FORMERR when the query has the COOKIE or NSID options. DNS
cookies are recommended (RFC uses "should") rather than mandated. Now,
if the Google resolver simply isn't sending these options, then it is
not affected. Similarly, a resolver like Unbound (which as far as I know
doesn't send cookies yet), will also not be affected.
While DNS cookies are not mandatory, it's not fair to point a finger at
a resolver that doesn't use this feature yet.
Regards,
Anand
More information about the bind-users
mailing list