1.1.1.1 support?

Wed Mar 22 11:53:06 UTC 2023

If you wish to consult people on how to configure DNS, please reach
out to the responsible folk.

I am discussing a specific recursor in anycasted setup not resolving
domain and provider offering no remediation channel.

These are two entirely different classes of problem and collapsing
them into a single problem is not going to help in either case.

On Wed, 22 Mar 2023 at 12:25, Mark Andrews <marka at isc.org> wrote:
>
> What about the zone not having a single point of failure?  Both servers
> are covered by the same /24.
>
> % dig www.moi.gov.cy @212.31.118.19 +norec +dnssec
>
> ; <<>> DiG 9.19.11-dev <<>> www.moi.gov.cy @212.31.118.19 +norec +dnssec
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 6387183a6031ef182fa6ade7641ad4ff2a078213f4e24fc9 (good)
> ;; QUESTION SECTION:
> ;www.moi.gov.cy. IN A
>
> ;; ANSWER SECTION:
> www.moi.gov.cy. 3600 IN A 212.31.118.26
>
> ;; AUTHORITY SECTION:
> moi.gov.cy. 3600 IN NS ns01.gov.cy.
> moi.gov.cy. 3600 IN NS ns02.gov.cy.
>
> ;; ADDITIONAL SECTION:
> ns02.gov.cy. 86400 IN A 212.31.118.20
> ns01.gov.cy. 86400 IN A 212.31.118.19
>
> ;; Query time: 374 msec
> ;; SERVER: 212.31.118.19#53(212.31.118.19) (UDP)
> ;; WHEN: Wed Mar 22 21:14:23 AEDT 2023
> ;; MSG SIZE  rcvd: 157
>
> %
>
> > On 22 Mar 2023, at 19:36, Saku Ytti <saku at ytti.fi> wrote:
> >
> > Am I correct to understand that 1.1.1.1 only does support via community forum?
> >
> > They had just enough interest in the service to collect user data to
> > monetise, but 0 interest in trying to figure out how to detect and
> > solve problems?
> >
> > Why not build a web form where they ask you to explain what is not
> > working, in terms of automatically testable. Like no A record for X.
> > Then after you submit this form, they test against all 1.1.1.1 and
> > some 9.9.9.9 and 8.8.8.8 and if they find a difference in behaviour,
> > the ticket is accepted and sent to someone who understands DNS? If
> > there is no difference in behaviour, direct people to community
> > forums.
> > This trivial, cheap and fast to produce support channel would ensure
> > virtually 0 trash support cases, so you wouldn't even have to hire
> > people to support your data collection enterprise.
>
> The number of times that 8.8.8.8 “works” but there is an actual error
> is enormous.  8.8.8.8 tolerates lots of protocol errors which ends up
> causing support cases for others where the result is “the servers are
> broken in this way”.  You then try to report the issue but the report
> is ignored because “It works with 8.8.8.8”.
>
> > Very obviously they selfishly had no interest in ensuring 1.1.1.1
> > actually works, as long as they are getting the data. I do not know
> > how to characterise this as anything but unethical.
> >
> > https://community.cloudflare.com/t/1-1-1-1-wont-resolve-www-moi-gov-cy-in-lca-235m3/487469
> > https://community.cloudflare.com/t/1-1-1-1-failing-to-resolve/474228
> >
> > If you can't due to resources or competence support DNS, do not offer one.
> >
> > --
> >  ++ytti, cake having and cake eating user
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
>

-- 
  ++ytti