In message <CAKr6gn32s=9OPrAnRgDFWUkt+tpR592uaPxF6QSCXq=m7qd...@mail.gmail.com>, George Michaelson writes:
> I think you missed the point John. It's a manifesto, and it can take
> radical positions. If you read Shane's markup it's clear a lot of things
> which are implicit in 'UDP/EDNS0' are up for grabs.
>
> I for one, would welcome versioning models closer to HTTP. I'd also
> welcome client-capability signalling and negotiation, another thing
> which won't happen in my lifetime on port 53.

Checkpoint are removing the version != 0 checks and edns flags != 0
checks which cause packets to be dropped. This will fix a lot of
the issues we see in the EDNS compliance checks.

F5 have fixed the broken version != 0 handling.

https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17086.html

Complaining to operators does work. Bug reports do make it back
to DNS vendors by doing that. Servers do get upgraded / reconfigured
as a result.

If we just go ahead and use the features the servers will be fixed.
We have seen this time and time again.

We should not be afraid to use EDNS features. Just choose the one
that is optimal for the problem you are trying to solve.

Mark

> -G
>
> On Mon, Jul 11, 2016 at 2:04 PM, John Levine <jo...@taugh.com> wrote:
> > In article <037201d1db19$78c3ac90$6a4b05b0$@cn> you write:
> >>When I first looked into DNS, I was recommended with a complex figure of DNS
> >>protocol family describing the dependency and activeness of many RFC
> >>documents. I'm wondering if it is possible to attach versions to DNS
> >>protocol similar like IPv4 and IPv6, http/1.1 and HTTP/2 which can give
> >>clear path of DNS evolution and help to keep protocol conformance.
> >
> > In a word, no. EDNS0 is the closest thing we have to versioning, and
> > even though it's designed to be as backwards compatible as possible,
> > things still break.
> >
> > The main problem is that there's a lot of dusty old firewalls and the
> > like that have dusty old software with a rigid and obsolete idea of
> > what DNS packets to allow through. We all would like people to get
> > with the program and use less cruddy and obsolete software, but good
> > luck with that.
> >
> > R's,
> > John
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
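
The two probes referred to in the message above (EDNS version != 0 and EDNS flags != 0), sketched as an added example that is not part of the thread and not taken from any vendor's or ISC's tooling. It assumes RFC 6891 behaviour (an unsupported version is answered with BADVERS, unknown flag bits are ignored and not echoed); `fake_response` and the replies it builds are constructed sample data.

```python
import struct

OPT, BADVERS = 41, 16  # OPT RR type; BADVERS extended RCODE (RFC 6891)

def build_query(qname, version=0, z=0, qid=0x1234):
    """A/IN query with an OPT RR carrying the given EDNS version and Z flag bits."""
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1)        # QDCOUNT=1, ARCOUNT=1
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    ttl = (version << 16) | (z & 0x7FFF)                   # ext-rcode | version | DO | Z
    opt = b"\x00" + struct.pack("!2HIH", OPT, 4096, ttl, 0)
    return header + name + b"\x00" + struct.pack("!2H", 1, 1) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_edns(msg):
    """Return (12-bit rcode, EDNS version, Z bits); version is None without OPT."""
    flags, qd, an, ns, ar = struct.unpack("!5H", msg[2:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                      # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            return ((ttl >> 24) << 4) | (flags & 0xF), (ttl >> 16) & 0xFF, ttl & 0x7FFF
    return flags & 0xF, None, None

def classify(resp, sent_version=0):
    """Judge one probe result; resp is None when nothing came back (timeout)."""
    if resp is None:
        return "dropped"                                   # packet dropped on the path
    rcode, version, z = parse_edns(resp)
    if version is None:
        return "no-opt"
    if sent_version != 0:
        return "ok" if rcode == BADVERS else "no-badvers"
    return "z-echoed" if z else "ok"

def fake_response(query, rcode=0, version=0, z=0):
    """Constructed reply: the query with QR set and a rewritten OPT RR."""
    head = query[:2] + struct.pack("!H", 0x8000 | (rcode & 0xF)) + query[4:-10]
    return head + struct.pack("!2HIH", OPT, 4096, (rcode >> 4) << 24 | version << 16 | z, 0)
```

A real probe would send `build_query(...)` over UDP with a timeout and pass `None` to `classify` when no reply arrives.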