Re: [DNSOP] 答复: 答复: Fwd: I-D Action: draft-song-atr-large-resp-00.txt

Mark Andrews <marka@isc.org> Fri, 22 September 2017 05:04 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C00513339D for <dnsop@ietfa.amsl.com>; Thu, 21 Sep 2017 22:04:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.88
X-Spam-Level:
X-Spam-Status: No, score=-5.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lRsvMj0WQxNN for <dnsop@ietfa.amsl.com>; Thu, 21 Sep 2017 22:04:47 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35FF71331B0 for <dnsop@ietf.org>; Thu, 21 Sep 2017 22:04:47 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id EF60234B78C; Fri, 22 Sep 2017 05:04:44 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id D75F716003D; Fri, 22 Sep 2017 05:04:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id A3A4D160074; Fri, 22 Sep 2017 05:04:44 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id BvzWBz6aKRtu; Fri, 22 Sep 2017 05:04:44 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 5A03B16003D; Fri, 22 Sep 2017 05:04:44 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 1290487A2DC3; Fri, 22 Sep 2017 15:04:42 +1000 (AEST)
Cc: Paul Vixie <paul@redbarn.org>, =?UTF-8?B?IkRhdmV5IFNvbmco5a6L5p6X5YGlKSI=?= <ljsong@biigroup.cn>, 'dnsop' <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <150509601027.9852.16967877638602485585@ietfa.amsl.com> <CAAObRXJ6wJGCXkbKVkNmQCJ8NccBT63A8-9-LiRVZCFsDicchw@mail.gmail.com> <CACfw2hhaKTyfJfjQ5-_kfqiHX1oX+9P6mUWD06B87y_2ysdztA@mail.gmail.com> <045b01d33288$d3fadad0$7bf09070$@cn>+5DE3FF4CB4E4721A <59C34510.4080705@redbarn.org> <048701d332a8$6f944980$4ebcdc80$@cn>+1004318D79D4A4F6 <59C47601.5030804@redbarn.org> <20170922031358.94ABB87A157F@rock.dv.isc.org> <59C48658.9000608@redbarn.org> <20170922042453.08EA187A1E04@rock.dv.isc.org>
In-reply-to: Your message of "Fri, 22 Sep 2017 14:24:52 +1000." <20170922042453.08EA187A1E04@rock.dv.isc.org>
Date: Fri, 22 Sep 2017 15:04:41 +1000
Message-Id: <20170922050442.1290487A2DC3@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8ECD3zBSyBxpL6WV0eqF7gn-A2E>
Subject: Re: [DNSOP] =?utf-8?b?562U5aSNOiAgIOetlOWkjTogIEZ3ZDogSS1EIEFjdGlv?= =?utf-8?q?n=3A_draft-song-atr-large-resp-00=2Etxt?=
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Sep 2017 05:04:49 -0000

In message <20170922042453.08EA187A1E04@rock.dv.isc.org>rg>, Mark Andrews writes:

> I've tested enough version negotiation paths.  See https://ednscomp.isc.org/
> The entries with "badversion" show a failed EDNS version negotiation.
> The entire Alexa top 1M is scanned once a month.

I've added a link to the raw data for those that want to investigate further.
 
> 	EDNS(0) + rcode != BADVERS -> badversion
> 	BADVERS + response version >= request version -> badversion
> 
> > > BIND 9.11 is already adding a DNS COOKIE option to every request.
> > > That is causing some firewalls to be fixed as well as some nameservers.
> > > We haven't added additional workaround code for this.
> > 
> > nice. thanks for that.
> > 
> > -- 
> > P Vixie
> > 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org