I know you think doing this collectively is a service but having individuals discover and complain to the site operators that their DNS is broken is the only way there will be enough presure brought to bear for some of these companies to fix their server configurations.
It requires noise for them to act. Collectively hiding broken servers doesn't generate the noise. https://ednscomp.isc.org/ has lists of servers with broken EDNS support some of which stops / slows DNS resolution in BIND. Everyone subscribe to the gtld-tech mailing list and complain that ICANN doesn't require registries and registrars under its control to check that servers being delegated to are RFC compliant. Tell them that lack of EDNS compliance is breaking DNS resolution. gtld-tech is tasked with providing operational stability. My lone voice is not enough. It requires collective action to people of the backsides to do stuff. Similarly ask your countries TLD administrators to audit delegated server for DNS and EDNS compliance and to remove delegations if the servers are not fixed in a reasonable period of time. https://datatracker.ietf.org/doc/draft-ietf-dnsop-no-response-issue/ has a list of tests which cover this and other issues which affect DNS interoperability. Mark In message <1479321516.30976.7.ca...@ns.five-ten-sg.com>, Carl Byington write s: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Now that bind is sending cookies by default, there are some broken > servers out there that we need to configure with send-cookie no;. > > Unless I am missing something, 9.11.0-P1 will (by default) fail to > resolve names like airdownload.wip4.adobe.com. > > In the interest of publicly naming and shaming their operators, I will > add an "include /etc/named.broken.servers" file in my packaging. The > content so far is below. Send me a note if you run into any others. > > > // adobe servers that don't understand edns options > // dig wip4.adobe.com ns > // dig airdownload.wip4.adobe.com @192.150.16.247 +cookie ==> nxdomain > // dig airdownload.wip4.adobe.com @192.150.16.247 +nocookie ==> noerror > server 192.150.16.247 { send-cookie no; }; > server 192.150.19.247 { send-cookie no; }; > server 193.104.215.247 { send-cookie no; }; > > > > // eia.gov servers that don't understand edns options > // dig eia.gov ns > // dig phantom.eia.gov. @205.254.135.9 +cookie => formerr > // dig phantom.eia.gov. @205.254.135.9 +nocookie => noerror > server 205.254.135.9 { send-cookie no; }; > server 199.36.140.199 { send-cookie no; }; > > > > // lctcs.edu servers that don't understand edns options > // dig lctcs.edu ns > // dig www.lctcs.edu @76.165.120.16 +cookie => formerr > // dig www.lctcs.edu @76.165.120.16 +nocookie => noerror > server 76.165.120.16 { send-cookie no; }; > server 76.165.210.249 { send-cookie no; }; > > > > // london-nano.com servers that don't understand edns options > // dig london-nano.com ns > // dig www.london-nano.com @213.162.97.177 +cookie > // dig www.london-nano.com @213.162.97.177 +nocookie > server 213.162.97.177 { send-cookie no; }; > server 213.162.97.178 { send-cookie no; }; > > > > // etdbw.com servers that don't understand edns options > (www.mycoverageinfo.com) > // dig www.mycoverageinfo.gtm.etdbw.com. +trace > // dig www.mycoverageinfo.gtm.etdbw.com. @167.79.186.7 +cookie => > noerror, 0 answers > // dig www.mycoverageinfo.gtm.etdbw.com. @167.79.186.7 +nocookie => > noerror, 1 answer > server 167.79.45.7 { send-cookie no; }; > server 167.79.182.7 { send-cookie no; }; > server 167.79.186.7 { send-cookie no; }; > server 167.79.192.7 { send-cookie no; }; > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > > iEYEAREKAAYFAlgsp6AACgkQL6j7milTFsF5VACfXxKp+HLNNX7fczr4xF4qT4LP > UCIAn3h4WPC2QZ21+gYnSuECG3t2nwEQ > =22tF > -----END PGP SIGNATURE----- > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri > be from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
