Numbering nameservers and resolvers
jared at puck.nether.net
Tue Aug 17 13:21:04 UTC 2010
On Aug 17, 2010, at 8:56 AM, Chris Adams wrote:
> Once upon a time, Sven Olaf Kamphuis <sven at cb3rob.net> said:
>> tcp/zonetransfer not working reliably is no longer a problem as you simply
>> retreive those directly from the database over a seperate ip, no more
>> old-fashioned bind related crap.
> TCP is not just for zone transfers (especially in the age of DNSSEC and
> still-broken firewalls).
there's a lot of bad networking voodoo out there.
I was on the NY State Thruway in recent weeks, and noticed a few things:
1) Don't query their website for an AAAA record, nor attempt to report it to the state. They say "we don't support IPv6" - not understanding sending back a SERVFAIL is bad
2) Don't expect 220.127.116.11 to work, they use that as a HTTPS portal, so you not only get broken IP, but a broken certificate login page
3) Comcast will sometimes reply from a "different" IP than you sent the query if the dns query fails in such a manner.
More information about the NANOG