Enforce EDNS

Matthew Pounsett matt at conundrum.com
Tue Feb 7 18:58:49 UTC 2017


On 6 February 2017 at 19:59, Mark Andrews <marka at isc.org> wrote:

>
> Unfortunately we then need to decide what to do with servers that
> don't answer EDNS + DNS COOKIE queries.  Currently we fall back to
> plain DNS which works except when there is a signed zone involved
> and the server is validating.
>
> I really don't want to add new automatic workarounds for broken
> servers but it requires people being willing to accept that
> lookups will fail.  That manual workarounds will now have to
> be done. e.g. "server ... { send-cookie no; };"


I fully support breaking resolution for such servers.  I'd rather have a
hard failure on my end that I can investigate, and work around if
necessary, than have my server wasting cycles trying to guess what sort of
broken state there is on the far end.   It would also give me the heads up
I need to contact the admin on the far end and report their servers' broken
behaviour.
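
As an added illustration (not part of either message and not BIND code), the Python below builds the kind of EDNS + DNS COOKIE query discussed in this thread and sorts a remote server's reply into the outcomes an operator investigating a hard failure would need to tell apart. The function names, the 1232-byte UDP size and the sample replies are constructed assumptions.

```python
import struct
OPT, COOKIE = 41, 10  # OPT pseudo-RR type (RFC 6891), COOKIE option code (RFC 7873)

def build_query(name, client_cookie, qid=0x1234):
    """A/IN query with an OPT record (DO set) carrying an 8-byte client cookie."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, QDCOUNT=1, ARCOUNT=1
    option = struct.pack("!HH", COOKIE, len(client_cookie)) + client_cookie
    # OPT RR: root name, TYPE, CLASS=UDP size, TTL=ext-rcode/version/DO, RDLEN, RDATA
    opt = b"\0" + struct.pack("!HHIH", OPT, 1232, 0x8000, len(option)) + option
    return header + qname + struct.pack("!HH", 1, 1) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(reply, client_cookie):
    """Classify the reply to an EDNS + COOKIE query; None means it timed out."""
    if reply is None:
        return "no-answer"
    qd, an, ns, ar = struct.unpack("!HHHH", reply[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(reply, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        rdata, off = reply[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype != OPT:
            continue
        while len(rdata) >= 4:  # walk the EDNS options
            code, olen = struct.unpack("!HH", rdata[:4])
            value, rdata = rdata[4:4 + olen], rdata[4 + olen:]
            if code == COOKIE:  # the first 8 bytes must echo our client cookie
                return "cookie-ok" if value[:8] == client_cookie else "cookie-mismatch"
        return "edns-no-cookie"
    return "plain-dns"

def demo():
    """Classify constructed replies (built here, not captured from real servers)."""
    cc = bytes(range(8))  # constructed client cookie
    q = build_query("example.com", cc)
    head = q[:2] + b"\x81\x80" + q[4:skip_name(q, 12) + 4]  # QR/RD/RA + question
    opt = lambda rdata: b"\0" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    cookie = lambda v: opt(struct.pack("!HH", COOKIE, len(v)) + v)
    return [classify(None, cc), classify(head[:10] + b"\0\0" + head[12:], cc),
            classify(head + opt(b""), cc), classify(head + cookie(cc + b"S" * 8), cc)]
```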