1.1.1.1 support?

Wed Mar 22 10:25:32 UTC 2023

What about the zone not having a single point of failure?  Both servers
are covered by the same /24.

% dig www.moi.gov.cy @212.31.118.19 +norec +dnssec

; <<>> DiG 9.19.11-dev <<>> www.moi.gov.cy @212.31.118.19 +norec +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6387183a6031ef182fa6ade7641ad4ff2a078213f4e24fc9 (good)
;; QUESTION SECTION:
;www.moi.gov.cy. IN A

;; ANSWER SECTION:
www.moi.gov.cy. 3600 IN A 212.31.118.26

;; AUTHORITY SECTION:
moi.gov.cy. 3600 IN NS ns01.gov.cy.
moi.gov.cy. 3600 IN NS ns02.gov.cy.

;; ADDITIONAL SECTION:
ns02.gov.cy. 86400 IN A 212.31.118.20
ns01.gov.cy. 86400 IN A 212.31.118.19

;; Query time: 374 msec
;; SERVER: 212.31.118.19#53(212.31.118.19) (UDP)
;; WHEN: Wed Mar 22 21:14:23 AEDT 2023
;; MSG SIZE  rcvd: 157

% 

> On 22 Mar 2023, at 19:36, Saku Ytti <saku at ytti.fi> wrote:
> 
> Am I correct to understand that 1.1.1.1 only does support via community forum?
> 
> They had just enough interest in the service to collect user data to
> monetise, but 0 interest in trying to figure out how to detect and
> solve problems?
> 
> Why not build a web form where they ask you to explain what is not
> working, in terms of automatically testable. Like no A record for X.
> Then after you submit this form, they test against all 1.1.1.1 and
> some 9.9.9.9 and 8.8.8.8 and if they find a difference in behaviour,
> the ticket is accepted and sent to someone who understands DNS? If
> there is no difference in behaviour, direct people to community
> forums.
> This trivial, cheap and fast to produce support channel would ensure
> virtually 0 trash support cases, so you wouldn't even have to hire
> people to support your data collection enterprise.

The number of times that 8.8.8.8 “works” but there is an actual error
is enormous.  8.8.8.8 tolerates lots of protocol errors which ends up
causing support cases for others where the result is “the servers are
broken in this way”.  You then try to report the issue but the report
is ignored because “It works with 8.8.8.8”.

> Very obviously they selfishly had no interest in ensuring 1.1.1.1
> actually works, as long as they are getting the data. I do not know
> how to characterise this as anything but unethical.
> 
> https://community.cloudflare.com/t/1-1-1-1-wont-resolve-www-moi-gov-cy-in-lca-235m3/487469
> https://community.cloudflare.com/t/1-1-1-1-failing-to-resolve/474228
> 
> If you can't due to resources or competence support DNS, do not offer one.
> 
> -- 
>  ++ytti, cake having and cake eating user

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org