Enforce EDNS

[Mark Andrews]

In message <3836f038-c480-9970-fd53-a5c87ad3633e at thelounge.net>, Reindl Harald wr
ites:
> 
> 
> Am 07.02.2017 um 18:13 schrieb Chuck Anderson:
> > On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote:
> >> I really don't want to add new automatic work arounds for broken
> >> servers but it requires people being willing to accepting that
> >> lookups will fail.  That manual work arounds will now have to
> >> be done. e.g. "server ... { send-cookie no; };"
> >>
> >> Servers not answering would EDNS or EDNS + DNS COOKIE would require
> >> operator intervention.
> >
> > Break them.  That's the only way it will eventually get fixed
> 
> if things would be that easy....
> 
> the admins of the broken servers ar the very last which are affected, 
> admins with a recent named have to bite the bullet of user terror and 
> users typically don#t give a damn when it worked yesterday
> 
> the admins of the broken server don't give a damn about as long they can 
> point their fingers and say "look, the rest of the world has no lookup 
> errors"
> 
> if it would be that easy the problem of spam would not exist for many 
> years while in reality you waste most of our time to write exceptions 
> here and there, disable rules or score them lower because you are not in 
> the position to educate every admin of sending servers out there

You go over the admins head.  You go to the board of directors.
You go the the minister responsible (yes, I have had to do that
along with a copy to the shadow minister and the company that the
DNS was outsourced to for government domains).  Good old snail mail.

Mark

> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe f
> rom this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org