nanog mailing list archives

Re: Numbering nameservers and resolvers


From: Jared Mauch <jared () puck nether net>
Date: Tue, 17 Aug 2010 09:21:04 -0400


On Aug 17, 2010, at 8:56 AM, Chris Adams wrote:

Once upon a time, Sven Olaf Kamphuis <sven () cb3rob net> said:
tcp/zonetransfer not working reliably is no longer a problem as you simply 
retrieve those directly from the database over a separate ip, no more 
old-fashioned bind related crap.

TCP is not just for zone transfers (especially in the age of DNSSEC and
still-broken firewalls).

Yeah.

there's a lot of bad networking voodoo out there.

I was on the NY State Thruway in recent weeks, and noticed a few things:

1) Don't query their website for an AAAA record, nor attempt to report it to the state.  They say "we don't support IPv6" - not understanding sending back a SERVFAIL is bad
2) Don't expect 1.1.1.1 to work, they use that as a HTTPS portal, so you not only get broken IP, but a broken certificate login page
3) Comcast will sometimes reply from a "different" IP than you sent the query if the dns query fails in such a manner.

- Jared
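The three failure modes the thread touches on (a SERVFAIL where a NOERROR/NODATA answer belongs, a truncated answer that needs a TCP retry, and a reply arriving from an address the query was never sent to) are all decided from the DNS header. The script below is an added illustration, not code from the thread or from any of the products mentioned: it builds an AAAA query and several constructed replies with the standard library, then classifies each reply the way a careful resolver would. The addresses are from the 192.0.2.0/24 documentation range and the packets are hand-built samples, not captures.

```python
import struct

# Header flag bits and response codes from RFC 1035, section 4.1.1.
FLAG_QR = 0x8000   # set on responses
FLAG_TC = 0x0200   # truncated: the client must retry the query over TCP
FLAG_RD = 0x0100   # recursion desired
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPE_AAAA = 28
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_aaaa_query(txid, name):
    """A plain recursive AAAA query for `name` (constructed sample)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_AAAA, QCLASS_IN)


def build_reply(query, rcode, answers=0, truncated=False):
    """Constructed reply that echoes the query's id and question section.

    With answers=1 a single AAAA record for 2001:db8::1 is appended; this is
    sample data, not the output of any real server.
    """
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | rcode | (FLAG_TC if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, answers, 0, 0)
    rr = b""
    if answers:
        # Name is a compression pointer to offset 12 (the question name).
        rr = struct.pack("!HHHIH", 0xC00C, QTYPE_AAAA, QCLASS_IN, 300, 16)
        rr += b"\x20\x01\x0d\xb8" + bytes(11) + b"\x01"
    return header + query[12:] + rr * answers


def classify_reply(query, reply, query_dst, reply_src):
    """Return what a resolver should do with a UDP reply to an AAAA query.

    Verdicts: DROP, RETRY_TCP, ANSWER, NODATA, or the RCODE name (e.g. SERVFAIL).
    """
    # A reply from an address the query was not sent to is never accepted;
    # accepting it would make answer forgery trivial (see RFC 5452).
    if reply_src != query_dst:
        return "DROP"
    if len(reply) < 12:
        return "DROP"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        return "DROP"
    if not flags & FLAG_QR:
        return "DROP"
    # Truncation is checked before the RCODE: the UDP answer is incomplete,
    # so the resolver re-asks over TCP port 53, which is why TCP/53 must work
    # even for servers that never do zone transfers.
    if flags & FLAG_TC:
        return "RETRY_TCP"
    rcode = flags & 0x000F
    if rcode == 0:
        # NOERROR with an empty answer section is the correct reply for a
        # name that exists but has no AAAA record; clients then fall back to A.
        return "ANSWER" if ancount else "NODATA"
    # SERVFAIL here makes resolvers retry other servers and delays clients,
    # instead of letting them move on to the A record immediately.
    return RCODE_NAMES.get(rcode, "RCODE%d" % rcode)


if __name__ == "__main__":
    q = build_aaaa_query(0x1234, "www.example.com")
    server = "192.0.2.53"
    samples = [
        ("correct IPv4-only host", build_reply(q, 0), server),
        ("server says 'no IPv6' with SERVFAIL", build_reply(q, 2), server),
        ("real AAAA answer", build_reply(q, 0, answers=1), server),
        ("truncated UDP answer", build_reply(q, 0, truncated=True), server),
        ("reply from a different address", build_reply(q, 0), "192.0.2.54"),
    ]
    for label, reply, src in samples:
        print("%-40s -> %s" % (label, classify_reply(q, reply, server, src)))
```

The NODATA case is the one worth keeping in mind: an IPv4-only site answers an AAAA query correctly with NOERROR and zero answers, and a SERVFAIL in its place is a server error rather than a statement about IPv6 support.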