On 07. 11. 24 17:01, Stephane Bortzmeyer wrote:
> On Thu, Nov 07, 2024 at 11:34:36AM +0000,
>   Petr Špaček <pspa...@isc.org> wrote
>   a message of 10 lines which said:
>
>> Can something be done about it?
>>
>> Given enough imagination, can we invent something like DNS traceroute?
>
> There have been some attempts. This one is good:
>
> https://github.com/farrokhi/dnsdiag/

Let me clarify - this tool is NOT what I meant.


Imagine a setup where a client is configured with:
stub -> resolvers { 192.0.2.1 or 192.0.2.33 }

These two resolvers are each configured with forwarding topology:
192.0.2.33 -> policy check -> forward to { 1.1.1.1 or 9.9.9.9 }
192.0.2.1 -> policy check -> forward to { 8.8.8.8 or 9.9.9.9 }


Now the problem is, if the client queried for 'www.example.com AAAA' and got back '2001:db8::1' instead of the expected '3fff::555'... What now?

I want some sort of trail which would show how the heck the resolver arrived at the wrong/unexpected answer.


This is a very high-level description of the problem space. Let's discuss! Preferably in person for an initial high-bandwidth discussion, and then we can continue on the mailing list once the initial round of arguing is finished.

--
Petr Špaček
Internet Systems Consortium

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
