Enforce EDNS

Reindl Harald h.reindl at thelounge.net
Tue Feb 7 21:39:03 UTC 2017



On 07.02.2017 at 22:11, Mark Andrews wrote:
> In message <3836f038-c480-9970-fd53-a5c87ad3633e at thelounge.net>, Reindl Harald writes:
>>> Break them.  That's the only way it will eventually get fixed
>>
>> if things would be that easy....
>>
>> the admins of the broken servers are the very last which are affected,
>> admins with a recent named have to bite the bullet of user terror and
>> users typically don't give a damn when it worked yesterday
>>
>> the admins of the broken server don't give a damn about as long they can
>> point their fingers and say "look, the rest of the world has no lookup
>> errors"
>>
>> if it would be that easy the problem of spam would not exist for many
>> years while in reality you waste most of our time to write exceptions
>> here and there, disable rules or score them lower because you are not in
>> the position to educate every admin of sending servers out there
>
> You go over the admins head.  You go to the board of directors.
> You go to the minister responsible (yes, I have had to do that
> along with a copy to the shadow minister and the company that the
> DNS was outsourced to for government domains).  Good old snail mail

if *you* do that from your position it may work but still takes time in 
a world where it sometimes takes days and weeks to find somebody who 
can instruct an admin to change a simple CNAME record from machine A to 
machine B even with the directors OK and CC'ed in the message

i doubt it works the same way for an ordinary admin in a small company 
where you have to make it work because *you* broke it with the named update 
and so your advice will be "roll back that stuff to the state of 
yesterday where it worked and no you have not the free time to call each 
and every company and educate them"

problem here is that as long it's not a critical mass anybody who 
deployed the update breaking things have to bleed for it and so you have 
to find enough people with the power to go over admins head *before* the 
breaking updates

and no, when in your company people can't work because DNS is broken you 
don't call foreign admins and directors - you have to fix that *now* and 
after you have fixed it you have no longer arguments why call somebody 
with no direct relations

