So, I'm sitting in a hotel in Melbourne (APRICOT20), trying to get some work done[0].
They have a captive portal which a: logs you our fairly often and b: requires you use their DNS server. Ugh, but OK. ..but, they have managed to invent some new, and interesting failure mode - if I look up a name which isn't in the cache, I *immediatly* get back a SERVFAIL. Ask the question a bunch more times, and after a few seconds you start getting an answer. $ dig www.snozzages.com | grep status ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47760 $ dig www.snozzages.com | grep status ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3344 $ dig www.snozzages.com | grep status ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48739 .... [ continues for ~4 seconds ] $ dig www.snozzages.com | grep status ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3417 $ dig www.snozzages.com | grep status ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58153 $ dig www.snozzages.com | grep status ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23212 So, this is annoying, but kind-of possibly, if you squint really hard, OK. but, the other failure mode (which I'm having a hard time capturing at the moment) goes: NXDOMAIN NXDOMAIN NXDOMAIN ANSWER! This behavior is baffling - other than intentionally, how do you managed to break something this badly / in this way!? Oh, I just needed to rant a bit... W [0]: Yeah, ok, I was trying to reach Reddit..... -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations