saku at ytti.fi
Wed Mar 22 11:53:06 UTC 2023
If you wish to consult people on how to configure DNS, please reach
out to the responsible folk.
I am discussing a specific recursor in an anycasted setup not resolving
a domain and the provider offering no remediation channel.
These are two entirely different classes of problem and collapsing
them into a single problem is not going to help in either case.
On Wed, 22 Mar 2023 at 12:25, Mark Andrews <marka at isc.org> wrote:
> What about the zone not having a single point of failure? Both servers
> are covered by the same /24.
> % dig www.moi.gov.cy @184.108.40.206 +norec +dnssec
> ; <<>> DiG 9.19.11-dev <<>> www.moi.gov.cy @220.127.116.11 +norec +dnssec
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 6387183a6031ef182fa6ade7641ad4ff2a078213f4e24fc9 (good)
> ;; QUESTION SECTION:
> ;www.moi.gov.cy. IN A
> ;; ANSWER SECTION:
> www.moi.gov.cy. 3600 IN A 18.104.22.168
> ;; AUTHORITY SECTION:
> moi.gov.cy. 3600 IN NS ns01.gov.cy.
> moi.gov.cy. 3600 IN NS ns02.gov.cy.
> ;; ADDITIONAL SECTION:
> ns02.gov.cy. 86400 IN A 22.214.171.124
> ns01.gov.cy. 86400 IN A 126.96.36.199
> ;; Query time: 374 msec
> ;; SERVER: 188.8.131.52#53(184.108.40.206) (UDP)
> ;; WHEN: Wed Mar 22 21:14:23 AEDT 2023
> ;; MSG SIZE rcvd: 157
> > On 22 Mar 2023, at 19:36, Saku Ytti <saku at ytti.fi> wrote:
> > Am I correct to understand that 220.127.116.11 only does support via a community forum?
> > They had just enough interest in the service to collect user data to
> > monetise, but 0 interest in trying to figure out how to detect and
> > solve problems?
> > Why not build a web form where they ask you to explain what is not
> > working, in terms of automatically testable. Like no A record for X.
> > Then after you submit this form, they test against all 18.104.22.168 and
> > some 22.214.171.124 and 126.96.36.199 and if they find a difference in behaviour,
> > the ticket is accepted and sent to someone who understands DNS? If
> > there is no difference in behaviour, direct people to community
> > forums.
> > This trivial, cheap and fast to produce support channel would ensure
> > virtually 0 trash support cases, so you wouldn't even have to hire
> > people to support your data collection enterprise.
> The number of times that 188.8.131.52 “works” but there is an actual error
> is enormous. 184.108.40.206 tolerates lots of protocol errors which ends up
> causing support cases for others where the result is “the servers are
> broken in this way”. You then try to report the issue but the report
> is ignored because “It works with 220.127.116.11”.
> > Very obviously they selfishly had no interest in ensuring 18.104.22.168
> > actually works, as long as they are getting the data. I do not know
> > how to characterise this as anything but unethical.
> > https://community.cloudflare.com/t/1-1-1-1-wont-resolve-www-moi-gov-cy-in-lca-235m3/487469
> > https://community.cloudflare.com/t/1-1-1-1-failing-to-resolve/474228
> > If you can't due to resources or competence support DNS, do not offer one.
> > --
> > ++ytti, cake having and cake eating user
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
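
The triage step of the web form proposed in the quoted message, sketched as an added example (not code from the thread or from any resolver operator). The probe results, node names and addresses are constructed; collecting them from each anycast node and from the reference resolvers is assumed to happen elsewhere.

```python
# Added example: triage for the "automatically testable" report form.
# All node names, resolver labels and addresses below are constructed.

def failed(obs):
    """'No A record for X' reproduces if the lookup errors or returns nothing."""
    return obs["rcode"] != "NOERROR" or not obs["answers"]

def triage(target_obs, reference_obs):
    """Route a report by comparing the reported resolver's anycast nodes
    with each other and with independent reference resolvers."""
    bad_nodes = sorted(o["node"] for o in target_obs if failed(o))
    if not bad_nodes:
        return {"route": "community", "reason": "not reproduced", "nodes": []}
    partial = len(bad_nodes) < len(target_obs)   # only some nodes fail
    refs_ok = any(not failed(o) for o in reference_obs)
    if partial:
        return {"route": "engineer", "reason": "node-specific failure",
                "nodes": bad_nodes}
    if refs_ok:
        return {"route": "engineer", "reason": "differs from reference resolvers",
                "nodes": bad_nodes}
    # Every probe fails the same way: no difference in behaviour to escalate.
    return {"route": "community", "reason": "fails everywhere", "nodes": bad_nodes}

# Constructed observations for a hypothetical name, one dict per probe.
TARGET = [
    {"node": "pop-a", "rcode": "SERVFAIL", "answers": []},
    {"node": "pop-b", "rcode": "NOERROR", "answers": ["192.0.2.10"]},
    {"node": "pop-c", "rcode": "NOERROR", "answers": ["192.0.2.10"]},
]
REFERENCE = [
    {"node": "ref-1", "rcode": "NOERROR", "answers": ["192.0.2.10"]},
    {"node": "ref-2", "rcode": "NOERROR", "answers": ["192.0.2.10"]},
]

if __name__ == "__main__":
    print(triage(TARGET, REFERENCE))
```

A reference resolver answering only shows a difference in behaviour, so the "engineer" route hands the case to a person rather than deciding which side is at fault.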