[128821] in North American Network Operators' Group


Re: Numbering nameservers and resolvers

daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Aug 17 09:21:23 2010

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <20100817125631.GA947531@hiwaay.net>
Date: Tue, 17 Aug 2010 09:21:04 -0400
To: Chris Adams <cmadams@hiwaay.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Aug 17, 2010, at 8:56 AM, Chris Adams wrote:

> Once upon a time, Sven Olaf Kamphuis <sven@cb3rob.net> said:
>> tcp/zonetransfer not working reliably is no longer a problem as you simply
>> retrieve those directly from the database over a separate ip, no more
>> old-fashioned bind related crap.
>
> TCP is not just for zone transfers (especially in the age of DNSSEC and
> still-broken firewalls).

Yeah.

There's a lot of bad networking voodoo out there.

I was on the NY State Thruway in recent weeks, and noticed a few things:

1) Don't query their website for an AAAA record, nor attempt to report it to the state.  They say "we don't support IPv6" - not understanding sending back a SERVFAIL is bad
2) Don't expect 1.1.1.1 to work, they use that as an HTTPS portal, so you not only get broken IP, but a broken certificate login page
3) Comcast will sometimes reply from a "different" IP than you sent the query if the DNS query fails in such a manner.

- Jared

