> On 21 Oct 2022, at 03:51, Mark Andrews <[email protected]> wrote: > >> >> >>>> Of course I would prefer to upgrade back to 9.18.X, but I guess I won't be >>>> able to find all EDNS0 incompatible servers and loosing customers to >>>> 8.8.8.8 - which is able to resolve these names.. >>> This is kind of moot argument - the DNS needs to evolve, and it can't >>> evolve if we keep supporting broken stuff. This needs to be fixed on the >>> authoritative operator side, not in BIND 9. >> >> You're absolutely right. I guess I've just kind of given up on convincing >> other people the fix their stuff (dayjob trauma). Sorry about that. > > It’s also a very small percentage of servers that are broken. If you look at > the time series > on https://ednscomp.isc.org/ you can drill done and see the values. For > example there are a > little over 10 servers for all zones in .GOV that exhibit this broken > behaviour. It’s gone > from ~11% in 2014 to 0.26% currently. We are at the mop up stage. For some > other populations > we are at 0%. > > The EDNS specification was updated in April 2013 to specify some unspecified > behaviour. In > particular this was added.
While I hearfully agree with the need to polish the network, some measures can be a problem unless there is a really big commitment from the Big Guns. In my case I had to abort an upgrade to 9.18 on our recursive servers because, well, “Google DNS worked better than ours” going back to 9.16. I know it´s the same situation that happened when Internet Explorer “successfully” rendered all kinds of abominations while proper web clients barfed (with good reason!) and I also know that lousy formats and lack of respect for standars are the breeding ground of serious security incidents. End of rant: A wider consensus is needed. Borja. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
