Can someone from Amazon please answer.

Josh Reynolds josh at kyneticwifi.com
Fri Aug 26 22:33:27 UTC 2016


Just looking at the RFC...
-----
VERSION Indicates the implementation level of the setter. Full conformance
with this specification is indicated by version '0'. Requestors are
encouraged to set this to the lowest implemented level capable of
expressing a transaction, to minimise the responder and network load of
discovering the greatest common implementation level between requestor and
responder. A requestor's version numbering strategy MAY ideally be a
run-time configuration option. If a responder does not implement the
VERSION level of the request, then it MUST respond with RCODE=BADVERS. All
responses MUST be limited in format to the VERSION level of the request,
but the VERSION of each response SHOULD be the highest implementation level
of the responder. In this way, a requestor will learn the implementation
level of a responder as a side effect of every response, including error
responses and including RCODE=BADVERS.
-----

What am I missing, based on your output?

On Aug 23, 2016 6:43 PM, "Mark Andrews" <marka at isc.org> wrote:

>
> I'm curious.  What are you trying to achieve by blocking EDNS version
> negotiation?  Is it really too hard to return BADVERS to an EDNS
> query with version != 0 along with the version of EDNS you support
> in the version field?  Are you deliberately trying to prevent the
> IETF from deciding to bump the EDNS version in the future?  Do you
> have firewalls that have this behaviour hard coded?  Do you even
> test for RFC compliance?
>
> Mark
>
> lostoncampus.com.au. @205.251.195.156 (ns-924.awsdns-51.net.): dns=ok
> edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok
> ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
> lostoncampus.com.au. @205.251.192.78 (ns-78.awsdns-09.com.): dns=ok
> edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok
> ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
> lostoncampus.com.au. @205.251.196.198 (ns-1222.awsdns-24.org.): dns=ok
> edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok
> ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
> lostoncampus.com.au. @205.251.199.20 (ns-1812.awsdns-34.co.uk.): dns=ok
> edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok
> ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE:  +61 2 9871 4742                         INTERNET: marka at isc.org
>
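
The version negotiation described in the RFC text quoted above, as an added example that is not part of the original post: it builds a query whose OPT record carries a non-zero EDNS version and classifies the reply as BADVERS or as the timeout seen in the quoted test output. All function names are hypothetical, the response bytes are a constructed sample, and nothing is sent on the network.

```python
import struct

OPT, BADVERS = 41, 16  # OPT RR type; extended RCODE for an unsupported EDNS version

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def opt_rr(ext_rcode, version):
    # OPT RR: root owner name, TYPE=41, CLASS=UDP payload size,
    # TTL = extended RCODE (8 bits) | VERSION (8 bits) | flags (16 bits), RDLEN=0
    return b"\x00" + struct.pack("!HHBBHH", OPT, 4096, ext_rcode, version, 0, 0)

def build_query(name, edns_version, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)
    return header + encode_name(name) + struct.pack("!HH", 1, 1) + opt_rr(0, edns_version)

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_edns(msg):
    """Return (full 12-bit RCODE, responder EDNS version or None if no OPT RR)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, ext, ver, _, rdlen = struct.unpack("!HHBBHH", msg[off:off + 10])
        if rtype == OPT:
            return (ext << 4) | (flags & 0xF), ver
        off += 10 + rdlen
    return flags & 0xF, None

def classify(response):
    """Classify the reply to a version != 0 query; None means nothing came back."""
    if response is None:
        return "timeout"
    rcode, ver = parse_edns(response)
    if rcode == BADVERS and ver is not None:
        return f"ok: BADVERS, responder implements EDNS version {ver}"
    return f"unexpected: rcode={rcode} version={ver}"

def sample_badvers_response(query):
    # Constructed sample: QR set, question echoed, extended RCODE 1 << 4 = 16, version 0
    header = query[:2] + struct.pack("!HHHHH", 0x8000, 1, 0, 0, 1)
    return header + query[12:-11] + opt_rr(1, 0)
```
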


