Numbering nameservers and resolvers

Jared Mauch jared at puck.nether.net
Tue Aug 17 08:21:04 CDT 2010


On Aug 17, 2010, at 8:56 AM, Chris Adams wrote:

> Once upon a time, Sven Olaf Kamphuis <sven at cb3rob.net> said:
>> tcp/zonetransfer not working reliably is no longer a problem as you simply 
>> retreive those directly from the database over a seperate ip, no more 
>> old-fashioned bind related crap.
> 
> TCP is not just for zone transfers (especially in the age of DNSSEC and
> still-broken firewalls).

Yeah.

there's a lot of bad networking voodoo out there.

I was on the NY State Thruway in recent weeks, and noticed a few things:

1) Don't query their website for an AAAA record, nor attempt to report it to the state.  They say "we don't support IPv6" - not understanding sending back a SERVFAIL is bad
2) Don't expect 1.1.1.1 to work, they use that as a HTTPS portal, so you not only get broken IP, but a broken certificate login page
3) Comcast will sometimes reply from a "different" IP than you sent the query if the dns query fails in such a manner.

- Jared



More information about the NANOG mailing list