-Michael
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark
> Andrews
> Sent: Tuesday, February 07, 2017 4:32 PM
> To: Reindl Harald
> Cc: bind-us...@isc.org
> Subject: Re: Enforce EDNS
>
>
> In message <4b0243b
In message <4b0243b1-1c89-023b-f3f3-7279216d5...@thelounge.net>, Reindl Harald
writes:
>
>
> Am 07.02.2017 um 22:11 schrieb Mark Andrews:
> > In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Har
> ald wr
> > ites:
> >>> Break them. That's the only way it will eventually
On 2/7/17 3:11 PM, Mark Andrews wrote:
>>> Break them. That's the only way it will eventually get fixed
>>
>> if things would be that easy
>>
>> the admins of the broken servers ar the very last which are affected,
>> admins with a recent named have to bite the bullet of user terror and
>>
Am 07.02.2017 um 22:11 schrieb Mark Andrews:
In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Harald
wr
ites:
Break them. That's the only way it will eventually get fixed
if things would be that easy
the admins of the broken servers ar the very last which are af
In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Harald
wr
ites:
>
>
> Am 07.02.2017 um 18:13 schrieb Chuck Anderson:
> > On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote:
> >> I really don't want to add new automatic work arounds for broken
> >> servers but i
From: Matthew Pounsett
> I fully support breaking resolution for such servers. I'd rather
> have a hard failure on my end that I can investigate, and work
> around if necessary, than have my server wasting cycles trying to
> guess what sort of broken state there is on the far end. It would
Am 07.02.2017 um 18:13 schrieb Chuck Anderson:
On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote:
I really don't want to add new automatic work arounds for broken
servers but it requires people being willing to accepting that
lookups will fail. That manual work arounds will now hav
On 6 February 2017 at 19:59, Mark Andrews wrote:
>
> Unfortunately we then need to decide what to do with servers that
> don't answer EDNS + DNS COOKIE queries. Currently we fall back to
> plain DNS which works except when there is a signed zone involved
> and the server is validating.
>
> I rea
On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote:
> I really don't want to add new automatic work arounds for broken
> servers but it requires people being willing to accepting that
> lookups will fail. That manual work arounds will now have to
> be done. e.g. "server ... { send-cookie
In message , Daniel Stirnimann
writes:
Hello all,
Our resolver failed to contact an upstream name server as a result of
network connectivity issues. named retries eventually worked but as it
reverted back to not using EDNS and the answer should have been signed,
the query response failed to val
Hi there,
On Tue, 7 Feb 2017, Mark Andrews wrote:
I really don't want to add new automatic work arounds for broken
servers but it requires people being willing to accepting that
lookups will fail. That manual work arounds will now have to be
done. e.g. "server ... { send-cookie no; };"
+2
-
> Named doesn't have a switch to force EDNS though I suppose we could
> add one to 9.12. e.g. server ... { edns force; };
I would find this useful.
> I really don't want to add new automatic work arounds for broken
> servers but it requires people being willing to accepting that
> lookups will f
In message , Daniel Stirnimann
writes:
> Hello all,
>
> Our resolver failed to contact an upstream name server as a result of
> network connectivity issues. named retries eventually worked but as it
> reverted back to not using EDNS and the answer should have been signed,
> the query response fa
13 matches
Mail list logo
