nanog mailing list archives
Re: DNS Flag Day, Friday, Feb 1st, 2019
From: Mark Andrews <marka () isc org>
Date: Thu, 24 Jan 2019 22:13:10 +1100
On 24 Jan 2019, at 9:02 pm, Mike Meredith <mike.meredith () port ac uk> wrote:

> On Thu, 24 Jan 2019 11:22:44 +1100, Mark Andrews <marka () isc org> may have written:
>> If you run a firewall in front of your DNS server you may be broken.
>
> If you run a firewall in front of your DNS server and the firewall breaks EDNS, then your firewall is broken. And has been a long, long time. I put a firewall in place back in 2004, and EDNS compliance was one of the tests back then.
EDNS usage has changed since then. Back in 2004 there was zero use of EDNS options in queries. That is no longer true. NSID (RFC 5001), the first option to make it into mainstream code, was allocated in 2007 and that saw occasional use. DNS COOKIE has been in every query named has emitted since BIND 9.11.0 and in late BIND 9.10 versions. Lots of firewalls still reject it.
-- Mike Meredith, University of Portsmouth Chief Systems Engineer, Hostmaster, Security, and Timelord!
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
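The wire-level difference the reply describes, as an added example that is not part of the original post: an EDNS query with an empty OPT record next to one carrying DNS COOKIE and NSID options, plus a parser that lists the options a DNS-inspecting middlebox has to accept. The function names, the query name and the cookie value are constructed for illustration; the parser assumes a single uncompressed question and no answer or authority records.

```python
import struct

OPT, NSID, COOKIE = 41, 3, 10  # OPT RR type (RFC 6891); option codes (RFC 5001, RFC 7873)

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, options, qid=0x1234, udp_size=1232):
    """Build an A query with one OPT RR carrying (code, data) EDNS options."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT RR: root owner, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, len(rdata)) + rdata
    return header + question + opt

def edns_options(msg):
    """Return {option_code: data} from the OPT RR of a simple query."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    if (qd, an, ns) != (1, 0, 0):
        raise ValueError("only simple queries are handled in this example")
    pos = 12
    while msg[pos]:                 # skip the QNAME labels
        pos += msg[pos] + 1
    pos += 5                        # root label + QTYPE + QCLASS
    found = {}
    for _ in range(ar):
        if msg[pos] != 0:
            raise ValueError("non-root owner name in additional section")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        rdata = msg[pos + 11:pos + 11 + rdlen]
        pos += 11 + rdlen
        if rtype != OPT:
            continue
        i = 0
        while i + 4 <= len(rdata):  # each option: code, length, data
            code, length = struct.unpack("!HH", rdata[i:i + 4])
            found[code] = rdata[i + 4:i + 4 + length]
            i += 4 + length
    return found

# Constructed sample values, not captured traffic.
CLIENT_COOKIE = bytes.fromhex("0011223344556677")   # 8-byte client cookie
PLAIN_EDNS = build_query("example.com", [])         # OPT present, no options
WITH_OPTIONS = build_query("example.com", [(COOKIE, CLIENT_COOKIE), (NSID, b"")])
if __name__ == "__main__":
    print(edns_options(PLAIN_EDNS), edns_options(WITH_OPTIONS))
```

A filter that only ever saw the first form passes an EDNS test built around it and can still drop the second, which differs only in the OPT record's RDATA.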