In message <CAC=TB13tLt0GafJq3r+v5WQ6Sjx0jWNpZMbpCH+p7BCUG_Cc=q...@mail.gmail.com>, =?UTF-8?Q?Marek_Vavru=C5=A1a?= writes: > > This affects several major DNS providers currently. I've heard Akamai > is rolling out update, but it's still returning NXDOMAIN for ENTs. > While deploying the draft in the current state of Internet is not > really viable and pointing out various broken implementations is fun, > I think it's good to have this draft as a reference from now on. > > Marek
Which is really not a reason to not deploy. There are lots of things broken in deployed nameservers and waiting for them to be fixed before deploying would result in us never deploying new features. We are pushing ahead with deploying DNS COOKIES, on by default, despite knowing that it will result on resolution failures for a small percentage of zones, slower (extra round trips for incorrect rcodes) and very slow (multiple seconds as we discover the poorly configured firewalls) lookups to others and "wrong" results for still others (NODATA instead of DATA, NXDOMAIN instead of DATA). We also shouldn't put on hold deploying changes to depending upon correct ENT behaviour. It's not like people haven't had a decade to fix their servers since the issue was identified. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
