* David Conrad:

>> In particular, running different implementations behind a load
>> balancer on the same public IP address can break EDNS detection by
>> resolvers, and crafted queries sent to a resolver can make data
>> unavailable to that resolver (until a timeout occurs).
>
> Huh?

Yeah.

> If you're running multiple implementations behind a load balancer
> and one is not following the protocol specifications such that it
> breaks EDNS detection, the answer is to fix the broken resolver or
> run a different resolver that responds correctly, not run an
> identical code base.

The problem is that the EDNS protocol does not have a proper handshake. If implementations reply differently to the same query, a resolver may hit one implementation, receive some sort of failure indication, try again without EDNS, hit the other implementation, receive a reply, and conclude that the IP address in question is not EDNS-tolerant.
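The fallback sequence described in the reply above, as an added simulation that is not part of the thread or of any resolver's real code: a round-robin load balancer fronts two hypothetical authoritative implementations on one address (the TEST-NET address 192.0.2.1 is a constructed placeholder), one that answers EDNS queries and one that rejects the OPT record with FORMERR. The resolver model sends an EDNS query, retries without EDNS on failure, and records the address as EDNS-intolerant when the plain retry succeeds. Real resolvers use more elaborate heuristics and expire the flag after a timeout; this model keeps only the inference step the thread is about.

```python
"""Simulation of EDNS fallback detection against a load-balanced mixed pool.

Added example, not from the dns-operations thread. The backends, the
round-robin balancer and the resolver heuristic are all simplified models.
"""
from dataclasses import dataclass, field
from itertools import cycle
from typing import Dict, List, Tuple

# Constructed outcome labels standing in for DNS responses (not wire format).
NOERROR_WITH_OPT = "NOERROR+OPT"  # compliant server answers an EDNS query, echoes OPT
NOERROR_PLAIN = "NOERROR"         # any server answers a plain (non-EDNS) query
FORMERR = "FORMERR"               # broken implementation rejecting the OPT record


@dataclass
class Backend:
    """One authoritative implementation behind the shared IP (hypothetical)."""
    name: str
    edns_ok: bool

    def answer(self, query_has_opt: bool) -> str:
        if query_has_opt:
            return NOERROR_WITH_OPT if self.edns_ok else FORMERR
        return NOERROR_PLAIN


class LoadBalancer:
    """Round-robin front end: each query goes to the next backend in turn."""

    def __init__(self, backends: List[Backend]) -> None:
        self._next = cycle(backends)
        # (backend name, query carried OPT?, response) for every query seen
        self.log: List[Tuple[str, bool, str]] = []

    def answer(self, query_has_opt: bool) -> str:
        backend = next(self._next)
        response = backend.answer(query_has_opt)
        self.log.append((backend.name, query_has_opt, response))
        return response


@dataclass
class Resolver:
    """Minimal model of a resolver's EDNS fallback heuristic (simplified)."""
    edns_intolerant: Dict[str, bool] = field(default_factory=dict)

    def query(self, ip: str, server: LoadBalancer) -> str:
        if self.edns_intolerant.get(ip):
            # An earlier probe concluded "no EDNS here": keep sending plain queries.
            return server.answer(False)
        response = server.answer(True)
        if response != FORMERR:
            return response
        # The EDNS query failed: retry without OPT, and if that works, remember
        # the address as EDNS-intolerant. This is the inference the thread describes.
        retry = server.answer(False)
        if retry == NOERROR_PLAIN:
            self.edns_intolerant[ip] = True
        return retry


def simulate(backends: List[Backend], queries: int,
             ip: str = "192.0.2.1") -> Tuple[Resolver, LoadBalancer]:
    """Send `queries` lookups to `ip` and return the resolver state and the log."""
    lb = LoadBalancer(backends)
    resolver = Resolver()
    for _ in range(queries):
        resolver.query(ip, lb)
    return resolver, lb


def edns_queries_answered_with_opt(lb: LoadBalancer) -> int:
    """Count EDNS queries that actually received an EDNS answer."""
    return sum(1 for _, has_opt, resp in lb.log if has_opt and resp == NOERROR_WITH_OPT)


if __name__ == "__main__":
    uniform, _ = simulate([Backend("a", True), Backend("b", True)], 4)
    mixed, mixed_lb = simulate([Backend("new", True), Backend("old", False)], 4)
    print("uniform pool marked intolerant:", uniform.edns_intolerant)  # {}
    print("mixed pool marked intolerant:", mixed.edns_intolerant)      # {'192.0.2.1': True}
    for entry in mixed_lb.log:
        print(entry)
```

With a uniform compliant pool every query is answered with EDNS and nothing is flagged. With the mixed pool the first EDNS query to reach the broken backend fails, the plain retry lands on the compliant backend and succeeds, and from then on the resolver sends plain queries only, so the compliant backend's EDNS support is lost to that resolver until the flag expires. Swapping the order of the two backends only changes which query triggers the flag, not the outcome. The operational check this suggests is to probe the public address repeatedly, with and without OPT, and confirm the answers are consistent across the whole pool before assuming resolvers will see it as EDNS-capable.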