Re: [dns-operations] bug in Apache handling of real FQDNs

On 06/08/15 08:09, TOURNAT Guillaume wrote: > Yes, mod_rewrite is already loaded. If it was not, "apache2ctl configtest" > would have complained. Hum... It looks like the problem is that the rewrite rule only works for http, not https. Here are some working examples: http://ee.lbl.gov./ h

Re: [dns-operations] bug in Apache handling of real FQDNs

>From a protocol perspective these are illegal URLs are should never be emited on the wire. They should never be in a html document. The only place where they are vaguely ok is when typed into a location bar on a browser and if they are accepted there then they should be made cannonical before b

Re: [dns-operations] bug in Apache handling of real FQDNs

On Mon, Jun 8, 2015 at 3:04 PM, Fred Morris wrote: > If anyone on here wants to weigh in on whether from a DNS perspective > www.example.com and www.example.com. are intended to represent the same > host > (from the host's perspective at least) now is the time. > > https://bz.apache.org/bugzill

Re: [dns-operations] bug in Apache handling of real FQDNs

If anyone on here wants to weigh in on whether from a DNS perspective www.example.com and www.example.com. are intended to represent the same host (from the host's perspective at least) now is the time. https://bz.apache.org/bugzilla/show_bug.cgi?id=58007 This concerns broken HTTP + TLS clien

Re: [dns-operations] bug in Apache handling of real FQDNs

Yes, mod_rewrite is already loaded. If it was not, "apache2ctl configtest" would have complained. -Message d'origine- De : Craig Leres [mailto:le...@ee.lbl.gov] Envoyé : lundi 8 juin 2015 17:08 À : TOURNAT Guillaume; Fred Morris; dns-operati...@dns-oarc.net Objet : Re: [dns-operations] b

Re: [dns-operations] bug in Apache handling of real FQDNs

On 06/08/15 01:32, TOURNAT Guillaume wrote: > Here are apache rewrite rules that redirect to the url without the trailing > dot: > > RewriteEngine On > > # Don't switch protocols > RewriteCond %{HTTPS} =on > RewriteRule ^(.+)$ - [env=myproto:https] > RewriteCond %{HTTPS} !=on

Re: [dns-operations] about answer status

On Mon, Jun 08, 2015 at 11:16:35AM +0100, Jim Reid wrote a message of 25 lines which said: > FWIW at 08:43 UTC today: ... > At 10:04 UTC today: They read the mailing list and fix in real-time :-) ___ dns-operations mailing list dns-operations@lists.

Re: [dns-operations] about answer status

No. I really did nothing, :p On 2015/6/8 星期一 18:21, Stephane Bortzmeyer wrote: At 10:04 UTC today: They read the mailing list and fix in real-time ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/li

Re: [dns-operations] about answer status

I am not very sure, but this is may due to split zones. dwdns is a suite of complicated nameservers. i.e, $ dig rise.game.yy.com @202.96.128.86 +short 58.215.138.2 $ dig rise.game.yy.com @202.106.0.20 +short 122.97.250.2 As you see, from different LDNS we can get different results. On 2015/6

Re: [dns-operations] about answer status

On 8 Jun 2015, at 11:05, Stephane Bortzmeyer wrote: > % dig @dwdns1.nsbeta.info defensor.game.yy.com | grep NOERROR > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51459 > > % dig @dwdns2.nsbeta.info defensor.game.yy.com | grep NOERROR > ;; ->>HEADER<<- opcode: QUERY, status: N

Re: [dns-operations] 答复: about answer status

On Mon, Jun 08, 2015 at 08:47:12AM +, 张在峰 wrote a message of 43 lines which said: > I think you can read this article > https://engineering.opendns.com/2014/06/23/nxdomain-nodata-debugging-dns-dual-stacked-hosts/ > and get the answer. Unfortunately, this article starts with a mistake: >

Re: [dns-operations] about answer status

On 8 Jun 2015, at 10:01, Kevin C. wrote: > On 2015/6/8 星期一 16:49, Jim Reid wrote: >> FWIW there's an inconsistency between the two authoritative name servers for >> game.yy.com. dwdns1.nsbeta.info returns NOHOST while dwdns2.nsbeta.info >> returns NXDOMAIN for lookups of defensor.game.yy.comQT

Re: [dns-operations] about answer status

On Mon, Jun 08, 2015 at 10:45:34AM +0100, Jim Reid wrote a message of 13 lines which said: > It's dwdns2 that returns NODATA and dwdns1 that returns > NXDOMAIN. Lack of coffee again... % drink coffee % repeat 3 drink coffee % dig @dwdns1.nsbeta.info defensor.game.yy.com | grep NOERROR

Re: [dns-operations] about answer status

On 8 Jun 2015, at 10:28, Stephane Bortzmeyer wrote: >> >> FWIW there's an inconsistency between the two authoritative name >> servers for game.yy.com. dwdns1.nsbeta.info returns NOHOST while >> dwdns2.nsbeta.info returns NXDOMAIN for lookups of >> defensor.game.yy.com QTYPEs. > > This is not w

Re: [dns-operations] about answer status

On 8 Jun 2015, at 10:20, Stephane Bortzmeyer wrote: > On Mon, Jun 08, 2015 at 09:49:34AM +0100, > Jim Reid wrote > a message of 21 lines which said: > >> A NOERROR response with an empty Answer Section -- usually known as >> a NOHOST response > > Never seen that word. NODATA seems to me much

Re: [dns-operations] about answer status

On Mon, Jun 08, 2015 at 09:49:34AM +0100, Jim Reid wrote a message of 21 lines which said: > FWIW there's an inconsistency between the two authoritative name > servers for game.yy.com. dwdns1.nsbeta.info returns NOHOST while > dwdns2.nsbeta.info returns NXDOMAIN for lookups of > defensor.game.

Re: [dns-operations] about answer status

On Mon, Jun 08, 2015 at 09:49:34AM +0100, Jim Reid wrote a message of 21 lines which said: > A NOERROR response with an empty Answer Section -- usually known as > a NOHOST response Never seen that word. NODATA seems to me much more common. ___ dns-o

Re: [dns-operations] about answer status

A great explaining. Thank you Stephane. On 2015/6/8 星期一 16:54, Stephane Bortzmeyer wrote: If you want more technical details: dig, by default, requests a A record. defensor.game.yy.com has no A record (ANSWER:0 in dig's answer) but it may have other types of records (, for instance, since w

Re: [dns-operations] about answer status

Thank you Jim. On 2015/6/8 星期一 16:49, Jim Reid wrote: FWIW there's an inconsistency between the two authoritative name servers for game.yy.com. dwdns1.nsbeta.info returns NOHOST while dwdns2.nsbeta.info returns NXDOMAIN for lookups of defensor.game.yy.com QTYPEs. what causes the inconsisten

Re: [dns-operations] about answer status

On Mon, Jun 08, 2015 at 04:12:03PM +0800, Kevin C. wrote a message of 56 lines which said: > At what case the nameserver returns "NOERROR" or "NXDOMAIN" for a > non-exist record? NOERROR is when there was no error :-) NXDOMAIN means "this name does not exist". They are two completely differen

Re: [dns-operations] about answer status

On 8 Jun 2015, at 09:12, Kevin C. wrote: > Sometime I got "NOERROR" from the answer, but sometime got "NXDOMAIN". > At what case the nameserver returns "NOERROR" or "NXDOMAIN" for a non-exist > record? Thank you. A NOERROR response means just that: there was no error. A NOERROR response with a

[dns-operations] 答复: about answer status

I think you can read this article https://engineering.opendns.com/2014/06/23/nxdomain-nodata-debugging-dns-dual-stacked-hosts/ and get the answer. For RFC document, click: https://tools.ietf.org/html/rfc2308 -邮件原件- 发件人: dns-operations [mailto:dns-operations-boun...@dns-oarc.net] 代表 Kev

Re: [dns-operations] bug in Apache handling of real FQDNs

Even after adding your rewrite rules, it doesn't change Apache behaviour. It seems that redirection does not occur. Bad Request Your browser sent a request that this server could not understand. -Message d'origine- De : dns-operations [mailto:dns-operations-boun...@dns-oarc.net] De la p

Re: [dns-operations] DNS issues with .MIL

On Sun, Jun 07, 2015 at 11:18:11PM +0200, Jaap Akkerhuis wrote a message of 12 lines which said: > There are also expired sigs etc., see > . And kingfisher1.stratcom.mil reply NXDOMAIN (with aa and ra...) to a request for a domain it is n

[dns-operations] about answer status

Hello, Sometime I got "NOERROR" from the answer, but sometime got "NXDOMAIN". At what case the nameserver returns "NOERROR" or "NXDOMAIN" for a non-exist record? Thank you. There are two digs below, please notice they are different hostnames. $ dig defensor.game.yy.com @localhost ; <<>> DiG