Numbering nameservers and resolvers

Jared Mauch jared at
Tue Aug 17 13:21:04 UTC 2010

On Aug 17, 2010, at 8:56 AM, Chris Adams wrote:

> Once upon a time, Sven Olaf Kamphuis <sven at> said:
>> tcp/zonetransfer not working reliably is no longer a problem as you simply 
>> retreive those directly from the database over a seperate ip, no more 
>> old-fashioned bind related crap.
> TCP is not just for zone transfers (especially in the age of DNSSEC and
> still-broken firewalls).


there's a lot of bad networking voodoo out there.

I was on the NY State Thruway in recent weeks, and noticed a few things:

1) Don't query their website for an AAAA record, nor attempt to report it to the state.  They say "we don't support IPv6" - not understanding sending back a SERVFAIL is bad
2) Don't expect to work, they use that as a HTTPS portal, so you not only get broken IP, but a broken certificate login page
3) Comcast will sometimes reply from a "different" IP than you sent the query if the dns query fails in such a manner.

- Jared

More information about the NANOG mailing list