marka at isc.org
Wed Mar 22 10:25:32 UTC 2023
What about the zone not having a single point of failure? Both servers
are covered by the same /24.
% dig www.moi.gov.cy @184.108.40.206 +norec +dnssec
; <<>> DiG 9.19.11-dev <<>> www.moi.gov.cy @220.127.116.11 +norec +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6387183a6031ef182fa6ade7641ad4ff2a078213f4e24fc9 (good)
;; QUESTION SECTION:
;www.moi.gov.cy. IN A
;; ANSWER SECTION:
www.moi.gov.cy. 3600 IN A 18.104.22.168
;; AUTHORITY SECTION:
moi.gov.cy. 3600 IN NS ns01.gov.cy.
moi.gov.cy. 3600 IN NS ns02.gov.cy.
;; ADDITIONAL SECTION:
ns02.gov.cy. 86400 IN A 22.214.171.124
ns01.gov.cy. 86400 IN A 126.96.36.199
;; Query time: 374 msec
;; SERVER: 188.8.131.52#53(184.108.40.206) (UDP)
;; WHEN: Wed Mar 22 21:14:23 AEDT 2023
;; MSG SIZE rcvd: 157
> On 22 Mar 2023, at 19:36, Saku Ytti <saku at ytti.fi> wrote:
> Am I correct to understand that 220.127.116.11 only does support via community forum?
> They had just enough interest in the service to collect user data to
> monetise, but 0 interest in trying to figure out how to detect and
> solve problems?
> Why not build a web form where they ask you to explain what is not
> working, in terms of automatically testable. Like no A record for X.
> Then after you submit this form, they test against all 18.104.22.168 and
> some 22.214.171.124 and 126.96.36.199 and if they find a difference in behaviour,
> the ticket is accepted and sent to someone who understands DNS? If
> there is no difference in behaviour, direct people to community
> This trivial, cheap and fast to produce support channel would ensure
> virtually 0 trash support cases, so you wouldn't even have to hire
> people to support your data collection enterprise.
The number of times that 188.8.131.52 “works” but there is an actual error
is enormous. 184.108.40.206 tolerates lots of protocol errors which ends up
causing support cases for others where the result is “the servers are
broken in this way”. You then try to report the issue but the report
is ignored because “It works with 220.127.116.11”.
> Very obviously they selfishly had no interest in ensuring 18.104.22.168
> actually works, as long as they are getting the data. I do not know
> how to characterise this as anything but unethical.
> If you can't due to resources or competence support DNS, do not offer one.
> ++ytti, cake having and cake eating user
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG