RE: 1.1.1.1 support?

[Dennis Burgess <dmburgess () linktechs net>]

Why would they need it, its free, they are not being paid to be your DNS servers.  Assuming the provider is 1.1.1.1 
itself.   YOUR ISP SHOULD NOT USE 1.1.1.1 or 8.8.8.8, you should run your OWN DNS servers.  

If its not within your circle of influence, don’t' risk your business on it!  



Dennis Burgess, Mikrotik Certified Trainer
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE, MTCSE, HE IPv6 Sage, Cambium ePMP Certified 
Author of "Learn RouterOS- Second Edition” 
Link Technologies, Inc -- Mikrotik & WISP Support Services 
Office: 314-735-0270  Website: http://www.linktechs.net 
Need to Automate MikroTik Backups:  https://cloud.linktechs.net 
Create Wireless Coverage’s with www.towercoverage.com 

-----Original Message-----
From: NANOG <nanog-bounces+dmburgess=linktechs.net () nanog org> On Behalf Of Saku Ytti
Sent: Wednesday, March 22, 2023 6:53 AM
To: Mark Andrews <marka () isc org>
Cc: nanog list <nanog () nanog org>
Subject: Re: 1.1.1.1 support?

If you wish to consult people on how to configure DNS, please reach out to the responsible folk.

I am discussing a specific recursor in anycasted setup not resolving domain and provider offering no remediation 
channel.

These are two entirely different classes of problem and collapsing them into a single problem is not going to help in 
either case.

On Wed, 22 Mar 2023 at 12:25, Mark Andrews <marka () isc org> wrote:
> What about the zone not having a single point of failure?  Both 
> servers are covered by the same /24.
>
> % dig www.moi.gov.cy @212.31.118.19 +norec +dnssec
>
> ; <<>> DiG 9.19.11-dev <<>> www.moi.gov.cy @212.31.118.19 +norec 
> +dnssec ;; global options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380 ;; flags: qr 
> aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 6387183a6031ef182fa6ade7641ad4ff2a078213f4e24fc9 (good) ;; 
> QUESTION SECTION:
> ;www.moi.gov.cy. IN A
>
> ;; ANSWER SECTION:
> www.moi.gov.cy. 3600 IN A 212.31.118.26
>
> ;; AUTHORITY SECTION:
> moi.gov.cy. 3600 IN NS ns01.gov.cy.
> moi.gov.cy. 3600 IN NS ns02.gov.cy.
>
> ;; ADDITIONAL SECTION:
> ns02.gov.cy. 86400 IN A 212.31.118.20
> ns01.gov.cy. 86400 IN A 212.31.118.19
>
> ;; Query time: 374 msec
> ;; SERVER: 212.31.118.19#53(212.31.118.19) (UDP) ;; WHEN: Wed Mar 22 
> 21:14:23 AEDT 2023 ;; MSG SIZE  rcvd: 157
>
> %
>
> > On 22 Mar 2023, at 19:36, Saku Ytti <saku () ytti fi> wrote:
> >
> > Am I correct to understand that 1.1.1.1 only does support via community forum?
> >
> > They had just enough interest in the service to collect user data to 
> > monetise, but 0 interest in trying to figure out how to detect and 
> > solve problems?
> >
> > Why not build a web form where they ask you to explain what is not 
> > working, in terms of automatically testable. Like no A record for X.
> > Then after you submit this form, they test against all 1.1.1.1 and 
> > some 9.9.9.9 and 8.8.8.8 and if they find a difference in behaviour, 
> > the ticket is accepted and sent to someone who understands DNS? If 
> > there is no difference in behaviour, direct people to community 
> > forums.
> > This trivial, cheap and fast to produce support channel would ensure 
> > virtually 0 trash support cases, so you wouldn't even have to hire 
> > people to support your data collection enterprise.
>
> The number of times that 8.8.8.8 “works” but there is an actual error 
> is enormous.  8.8.8.8 tolerates lots of protocol errors which ends up 
> causing support cases for others where the result is “the servers are 
> broken in this way”.  You then try to report the issue but the report 
> is ignored because “It works with 8.8.8.8”.
>
> > Very obviously they selfishly had no interest in ensuring 1.1.1.1 
> > actually works, as long as they are getting the data. I do not know 
> > how to characterise this as anything but unethical.
> >
> > https://community.cloudflare.com/t/1-1-1-1-wont-resolve-www-moi-gov-
> > cy-in-lca-235m3/487469
> > https://community.cloudflare.com/t/1-1-1-1-failing-to-resolve/474228
> >
> > If you can't due to resources or competence support DNS, do not offer one.
> >
> > --
> >  ++ytti, cake having and cake eating user
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka () isc org


--
  ++ytti