> On 20 Oct 2022, at 22:49, Andreas S. Kerber <a...@ag-trek.de> wrote: > > Am Thu, Oct 20, 2022 at 01:23:47PM +0200 schrieb Ondřej Surý: >> did you try writing to elbrev.com <http://elbrev.com/> operators to fix >> their servers to stop breaking DNS protocol? It often helps. (I'm ccing the >> contact in their SOA records, so let's see if anything happens.) >> >> It's not lack of EDNS0 support, but they fail to properly process unknown >> EDNS0 options - DNS Cookie in this specific example: > > Hi Ondřej, > > thanks for your quick reply and analysis regarding DNS cookies. > Is there maybe an option to configure 9.18 to act as if it was 9.16 in this > regard? > Honestly I haven't contacted the elbrev.com people (see below). > > >>> Of course I would prefer to upgrade back to 9.18.X, but I guess I won't be >>> able to find all EDNS0 incompatible servers and loosing customers to >>> 8.8.8.8 - which is able to resolve these names.. >> This is kind of moot argument - the DNS needs to evolve, and it can't evolve >> if we keep supporting broken stuff. This needs to be fixed on the >> authoritative operator side, not in BIND 9. > > You're absolutely right. I guess I've just kind of given up on convincing > other people the fix their stuff (dayjob trauma). Sorry about that.
It’s also a very small percentage of servers that are broken. If you look at the time series on https://ednscomp.isc.org/ you can drill done and see the values. For example there are a little over 10 servers for all zones in .GOV that exhibit this broken behaviour. It’s gone from ~11% in 2014 to 0.26% currently. We are at the mop up stage. For some other populations we are at 0%. The EDNS specification was updated in April 2013 to specify some unspecified behaviour. In particular this was added. Any OPTION-CODE values not understood by a responder or requestor MUST be ignored. Specifications of such options might wish to include some kind of signaled acknowledgement. For example, an option specification might say that if a responder sees and supports option XYZ, it MUST include option XYZ in its response. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
