nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Can someone from Amazon please answer.

From: "g () 1337 io" <g () 1337 io>
Date: Fri, 26 Aug 2016 15:17:12 -0700
I would love to hear Amazon's response to this very question!


On 8/23/16 4:37 PM, Mark Andrews wrote:

I'm curious.  What are you trying to achieve by blocking EDNS version
negotiation?  Is it really too hard to return BADVERS to a EDNS
query with version != 0 along with the version of EDNS you support
in the version field?  Are you deliberately trying to prevent the
IETF from deciding to bump the EDNS version in the future?  Do you
have firewalls that have this behaviour hard coded?  Do you even
test for RFC compliance?

Mark

lostoncampus.com.au. @205.251.195.156 (ns-924.awsdns-51.net.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok 
edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
lostoncampus.com.au. @205.251.192.78 (ns-78.awsdns-09.com.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok 
edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
lostoncampus.com.au. @205.251.196.198 (ns-1222.awsdns-24.org.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok 
edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
lostoncampus.com.au. @205.251.199.20 (ns-1812.awsdns-34.co.uk.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok 
edns1opt=timeout do=ok ednsflags=ok optlist=ok,nsid,subnet signed=ok ednstcp=ok
Previous By Date Next
Previous By Thread Next

Current thread: