On Fri, Apr 14, 2023 at 9:20 PM Mark Andrews <ma...@isc.org> wrote:
>
> Similarly add an unknown EDNS option (pick a value between 1000 and 1999)
> to every QUERY until 1 Jan 2025 and if it comes back FORMERR with an OPT
> record present, drop the response. 10 years after cleaning up the EDNS
> specification we still have .5% of servers not updated. BIND is effectively
> doing this with DNS COOKIE but it is painful when people say “but the lookup
> works with large recursive server”.
>

Yeah, I've mentioned the same sort of thing in the past too, when I first learned of TLS Grease (RFC 8701).

Speaking from experience though, and despite the efforts of EDNS flag day, dropping the responses without fallback still may be too high a bar :(

We had to disable Cookies when we upgraded to a post EDNS flag day BIND implementation because of hue and cry from some large customers still running broken DNS implementations :( (I mentioned more details on the dns-operations list at that time).

Shumon.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
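The check described in the quoted text above, as an added example that is not part of either message and is not BIND's code: build a query carrying an empty EDNS option with a code from 1000 to 1999, and mark a reply for dropping when it is FORMERR with an OPT record present. The function names, the 1232-byte advertised UDP size and the sample replies are assumptions constructed for this example.

```python
import random
import struct

FORMERR, OPT = 1, 41

def build_query(qname, opt_code, qid=None):
    """Build an A/IN query whose OPT record carries one empty, unknown option."""
    if not 1000 <= opt_code <= 1999:
        raise ValueError("option code must be between 1000 and 1999")
    qid = random.randrange(65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    rdata = struct.pack("!HH", opt_code, 0)                   # option code, zero-length data
    # OPT RR: root name, TYPE=41, CLASS=UDP size (assumed 1232), TTL=0, RDLEN
    opt = b"\0" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return header + name + struct.pack("!HH", 1, 1) + opt

def _skip_name(msg, off):
    """Return the offset just past a possibly compressed domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n

def should_drop(msg):
    """True when the reply is FORMERR and still carries an OPT record."""
    try:
        _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
        if flags & 0x000F != FORMERR:
            return False
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == OPT:
                return ttl >> 24 == 0  # extended RCODE bits must be zero for FORMERR
            off += 10 + rdlen
        return False                   # FORMERR without OPT: pre-EDNS server
    except (IndexError, struct.error):
        return False                   # truncated or malformed reply, not this case

def sample_reply(query, rcode, with_opt):
    """Constructed reply: echo the query with QR set, optionally without its 15-byte OPT."""
    body = query[12:] if with_opt else query[12:-15]
    return query[:2] + struct.pack("!HHHHH", 0x8100 | rcode, 1, 0, 0, int(with_opt)) + body
```

A FORMERR reply with no OPT record is left alone here because that is how a server with no EDNS support at all answers.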