On 06/04/10 21:58, Paul Vixie wrote:
Doug Barton<do...@dougbarton.us> writes:
With my business hat on though I can see at least 2 possible use cases for
DO=0. The first being related to this thread, "I can't/won't fix/remove the
firewall today, I just want my resolver to work."
it works. it's just slower because it has to fall back. this is one of the
reasons we fall back to BUFSIZE=512 before falling all the way back to DNS
(that is, turning EDNS off all together.)
The OP's problem was that the firewall between his resolving name server
and "the cloud" blocks packets with DO=1. Now admittedly this is a
special kind of stupidity on the firewall's part ...
In all fairness, I don't have any actual clients telling me that DO=1 is
a problem for them, this is pure speculation on my part; ...
yes, i know that, because i'd see the other side of it if it was going on.
Right-O. OTOH discussion/thought about the problem now, before it turns
into a crisis, (probably) can't hurt anything. :)
Doug
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
