default local DNS caching name server

Reindl Harald h.reindl at thelounge.net
Sat Apr 12 15:16:56 UTC 2014



Am 12.04.2014 17:05, schrieb Paul Wouters:
> On Sat, 12 Apr 2014, Reindl Harald wrote:
> 
>> nonsense - there are so much ISP nameservers broken out there
>> responding with wildcards and so on that you can not trust them
>> and you will realize that if not before after you started to run
>> a production mailserver which relies on NXDOMAIN responses for
>> proper operations
> 
> That's not what the http://atlas.ripe.net/ data set indicates. Your
> story seems anecdotal and incidental.

if you call the year 2012 anecdotal then yes

> Yes, there are a few bad players out there (like Rogers in Canada) but
> those are in a minority

it is not a matter of bad players, it is a matter of stupid admins
on ISP sides - the case of our server was the largest ISP here and
they simply had bugs in der load-balcing resulting in random results
(current and outdated) from the same nameserver IP

another one was also a large ISP which started 2013 to give that
wrong answers for our ipv4 address in 2013 because they fucked up
their DNS due try to implement ipv6

in both cases i know for sure what happened at the ISP
note that the change was done in 2011 and we are even the GLUE record

another big player at that time was OpenDNS

sicne there are not too much DNS servers of ISP answering to non customer
ip addresses i found around 50 public nameservers all over the world and
15 of them where wrong after more than 7 months - yes it is a minority
because it's below 50% but *way too much* for such a critical service
like DNS

and here i did not talk a single time about overloaded and not responding
IPS DNS again and again - we had many years massive troubles to access
websites and it was always "could not be found" in Firefox which means
no DNS answer - guess what - after no longer using forwarders nobody
has seen that message again

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140412/973eb9e4/attachment.sig>


More information about the devel mailing list