nanog mailing list archives
Re: Can someone from Amazon please answer.
From: Josh Reynolds <josh () kyneticwifi com>
Date: Fri, 26 Aug 2016 17:33:27 -0500
Just looking at the RFC... ----- VERSION Indicates the implementation level of the setter. Full conformance with this specification is indicated by version '0'. Requestors are encouraged to set this to the lowest implemented level capable of expressing a transaction, to minimise the responder and network load of discovering the greatest common implementation level between requestor and responder. A requestor's version numbering strategy MAY ideally be a run-time configuration option. If a responder does not implement the VERSION level of the request, then it MUST respond with RCODE=BADVERS. All responses MUST be limited in format to the VERSION level of the request, but the VERSION of each response SHOULD be the highest implementation level of the responder. In this way, a requestor will learn the implementation level of a responder as a side effect of every response, including error responses and including RCODE=BADVERS. ----- What am I missing, based on your output? On Aug 23, 2016 6:43 PM, "Mark Andrews" <marka () isc org> wrote:
I'm curious. What are you trying to achieve by blocking EDNS version negotiation? Is it really too hard to return BADVERS to a EDNS query with version != 0 along with the version of EDNS you support in the version field? Are you deliberately trying to prevent the IETF from deciding to bump the EDNS version in the future? Do you have firewalls that have this behaviour hard coded? Do you even test for RFC compliance? Mark lostoncampus.com.au. @205.251.195.156 (ns-924.awsdns-51.net.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok lostoncampus.com.au. @205.251.192.78 (ns-78.awsdns-09.com.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok lostoncampus.com.au. @205.251.196.198 (ns-1222.awsdns-24.org.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok lostoncampus.com.au. @205.251.199.20 (ns-1812.awsdns-34.co.uk.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Can someone from Amazon please answer. Mark Andrews (Aug 23)
- Re: Can someone from Amazon please answer. g () 1337 io (Aug 26)
- Re: Can someone from Amazon please answer. Josh Reynolds (Aug 26)
- Re: Can someone from Amazon please answer. Mark Andrews (Aug 26)
- Re: Can someone from Amazon please answer. Josh Reynolds (Aug 26)
- Re: Can someone from Amazon please answer. Jared Mauch (Aug 26)
- Re: Can someone from Amazon please answer. Mark Andrews (Aug 26)
- Re: Can someone from Amazon please answer. John Levine (Aug 27)
- Re: Can someone from Amazon please answer. Mark Andrews (Aug 26)