Re: [dnsext] enough is enough
bert hubert <bert.hubert@netherlabs.nl> Sun, 21 December 2014 14:33 UTC
Return-Path: <ahu@xs.powerdns.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96FE01A066C for <dnsext@ietfa.amsl.com>; Sun, 21 Dec 2014 06:33:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.289
X-Spam-Level:
X-Spam-Status: No, score=0.289 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GkxD5AAdbYNd for <dnsext@ietfa.amsl.com>; Sun, 21 Dec 2014 06:33:17 -0800 (PST)
Received: from xs.powerdns.com (xs.powerdns.com [IPv6:2001:888:2000:1d::2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25EA71A049A for <dnsext@ietf.org>; Sun, 21 Dec 2014 06:33:16 -0800 (PST)
Received: from ahu by xs.powerdns.com with local (Exim 4.71) (envelope-from <ahu@xs.powerdns.com>) id 1Y2hZH-0007s8-2Y; Sun, 21 Dec 2014 15:33:11 +0100
Date: Sun, 21 Dec 2014 15:33:11 +0100
From: bert hubert <bert.hubert@netherlabs.nl>
To: Patrik Fältström <paf@frobbit.se>
Message-ID: <20141221143310.GA28183@xs.powerdns.com>
References: <20141220125805.GB20765@xs.powerdns.com> <20141220142506.C7EA12630502@rock.dv.isc.org> <A78F8417-AEA2-42BF-A7D5-96FE99DCBBBE@rfc1035.com> <20141220204337.4F47026313BC@rock.dv.isc.org> <7A31183A-CC1E-4F0A-A2EA-848B10B60A2B@insensate.co.uk> <E732A2F7-E467-4940-8A66-726FC894B4B3@frobbit.se> <20141221094454.GC13389@xs.powerdns.com> <55B7725D-1B11-4D8D-BDA3-43748E8E12A7@frobbit.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <55B7725D-1B11-4D8D-BDA3-43748E8E12A7@frobbit.se>
User-Agent: Mutt/1.5.20 (2009-06-14)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/klS-dVPAl_AfLu6XcDGQsrjXrx0
Cc: DNSEXT Group Working <dnsext@ietf.org>
Subject: Re: [dnsext] enough is enough
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Dec 2014 14:33:18 -0000
On Sun, Dec 21, 2014 at 11:33:17AM +0100, Patrik Fältström wrote: > > The domain x.y.z fails to resolve using our software, and we have determined > > that this is because the software or hardware publishing the DNS details of > > x.y.z is not conforming to the DNS standards. > As Jim says, your idea is nice as it is, and there is nothing wrong with > the email -- but we have no idea what so ever where to send it. Actually, as the authors of a resolver, we know exactly where to send it. To the people telling me I need to fix my resolver so it works with broken domain X. And in turn, we've found that (together with resolver operators) we can quickly find out what broken hardware or software is behind the issue - Citrix Netscalers this time round. It helps if large operators (people with tens of millions of customers) tell them they need to clean up their act. The REAL issue right now is that we can't resist fixing a broken domain "because it works with Google/Unbound/Bind/Microsoft, so you must fix it". What is needed is a pact that none of us will respect that argument on its own if a domain actually should be broken. > The best path forward is I think still for you to publish clear and crisp > information like this on your web page so that it is found when searching > for help with Google and other search engines. > > I.e. as long as no one have any issues with the brokenness, it will not be fixed. Exactly. It should actually break therefore. If you own dodgy equipment or use bad software, your domain should receive lots of reports of brokenness. > If not even TLDs are hosted correctly, and registry policies are such that > it encourages broken DNS configurations, I feel there is not much The > Protocol Police can do about it. I'm afraid this is true. But if all big implementation decide to no longer play the game, the (mostly) load balancer implementations will have to clean up their act. I also note that quite a lot of problems are AAAA related. This in itself is an impediment to IPv6 adoption! Bert
- [dnsext] Empty AA=0 AD=1 answers to AAAA queries:… bert hubert
- Re: [dnsext] Empty AA=0 AD=1 answers to AAAA quer… Mark Andrews
- Re: [dnsext] Empty AA=0 AD=1 answers to AAAA quer… bert hubert
- [dnsext] getting TLDs to fix other people's probl… Jim Reid
- Re: [dnsext] getting TLDs to fix other people's p… Mark Andrews
- Re: [dnsext] getting TLDs to fix other people's p… Lawrence Conroy
- Re: [dnsext] getting TLDs to fix other people's p… Patrik Fältström
- [dnsext] enough is enough bert hubert
- Re: [dnsext] getting TLDs to fix other people's p… Jim Reid
- Re: [dnsext] enough is enough Jim Reid
- Re: [dnsext] enough is enough Patrik Fältström
- Re: [dnsext] Empty AA=0 AD=1 answers to AAAA quer… Alex Bligh
- Re: [dnsext] enough is enough bert hubert
- Re: [dnsext] getting TLDs to fix other people's p… Jay Daley
- Re: [dnsext] enough is enough Mark Andrews
- Re: [dnsext] enough is enough Patrik Fältström
- Re: [dnsext] enough is enough Patrik Fältström
- Re: [dnsext] enough is enough Mark Andrews
- Re: [dnsext] enough is enough Patrik Fältström
- Re: [dnsext] enough is enough Stephane Bortzmeyer