<div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div>Hi Mark,<br><br></div>I generally ignore your emails since they always seem to hijack other threads.<br></div><br>Worse they focus on details not pertinent to the original thread.<br><br></div>In this case, I thought I'd check out the link and give you some feedback about it:<br><br></div> - Why is the design stuck in the '90s? It is the 21st century already.<br></div><div> - Where is the explanation of *WHY* this is a useful thing to check. Everyone knows you like to write emails but do you really want to be repeating yourself every time?<br></div> - Why can't the web page explain LDH (I know what it means, but who else here does? HTML has had &lt;abbr&gt; since forever)<br></div> - Colour. It is a thing. Why can't you use it to output red/orange/green.<br></div> - Speed. 10 seconds to check <a href="http://isc.org">isc.org</a>?! Again, 21st century and all that. <br></div> - Why isn't there an example of a *good* domain? (e.g. <a href="http://isc.org">isc.org</a>, &lt;other prominent organisations&gt;)<br></div> - Why not use the HTML5 placeholder attribute? It has been standardised for longer than the EDNS rfc.<br><br></div><div>I am sure I could nitpick a bunch of other, unrelated things as well.<br><br></div>Thanks,<br></div>Anand<br><div><div><div><div><div><div><div><div><div> <br><br></div></div></div></div></div></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 29 September 2016 at 09:26, Mark Andrews <span dir="ltr">&lt;<a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Now for them to use EDNS compliant nameservers. How hard is it to<br>
check that your nameservers actually follow the EDNS protocol?<br>
<br>
<a href="http://harveynorman.com.au" rel="noreferrer" target="_blank">harveynorman.com.au</a> @<a href="http://40.90.4.5" rel="noreferrer" target="_blank">40.90.4.5</a> (ns1-05.azure-dns.com.): dns=ok edns=ok edns1=status edns@512=ok ednsopt=echoed edns1opt=status do=ok ednsflags=ok edns@512tcp=ok optlist=subnet<br>
<a href="http://harveynorman.com.au" rel="noreferrer" target="_blank">harveynorman.com.au</a> @<a href="http://64.4.48.5" rel="noreferrer" target="_blank">64.4.48.5</a> (ns2-05.azure-dns.net.): dns=ok edns=ok edns1=status edns@512=ok ednsopt=echoed edns1opt=status do=ok ednsflags=ok edns@512tcp=ok optlist=subnet<br>
<a href="http://harveynorman.com.au" rel="noreferrer" target="_blank">harveynorman.com.au</a> @<a href="http://13.107.24.5" rel="noreferrer" target="_blank">13.107.24.5</a> (ns3-05.azure-dns.org.): dns=ok edns=ok edns1=status edns@512=ok ednsopt=echoed edns1opt=status do=ok ednsflags=ok edns@512tcp=ok optlist=subnet<br>
<a href="http://harveynorman.com.au" rel="noreferrer" target="_blank">harveynorman.com.au</a> @<a href="http://13.107.160.5" rel="noreferrer" target="_blank">13.107.160.5</a> (ns4-05.azure-dns.info.): dns=ok edns=ok edns1=status edns@512=ok ednsopt=echoed edns1opt=status do=ok ednsflags=ok edns@512tcp=ok optlist=subnet<br>
<br>
There are only 3 possible extension mechanisms and all 3 have<br>
instructions on how to handle requests using those extension mechanisms<br>
that you don't know about. See RFC 6891.<br>
<br>
EDNS version increase -> return BADVERS with the highest version you support<br>
EDNS option -> ignore options you do not understand (don't copy them into the response)<br>
EDNS flags -> ignore flags you do not understand (don't copy them into the response)<br>
<br>
This misbehaviour already means that it has become impossible to<br>
count how many servers support the ECS option.<br>
<br>
Please check your servers to ensure that they are EDNS compliant<br>
and if they are not FIX them. Only 60% of Australian DNS servers<br>
that nominally support EDNS are actually EDNS compliant.<br>
<br>
<a href="https://ednscomp.isc.org/ednscomp/" rel="noreferrer" target="_blank">https://ednscomp.isc.org/<wbr>ednscomp/</a><br>
<br>
Two of the extension mechanisms are in use today. Queries from<br>
recursive servers do have EDNS options present and they do have<br>
EDNS flag bits set. There is zero reason not to expect all three<br>
extension mechanisms will be used in the future.<br>
<br>
Only idiots drop DNS queries with EDNS extension present. Even the<br>
firewall vendors are removing code that does so. EDNS was designed<br>
to allow clients to start using new options, flags and versions<br>
without having to upgrade the servers and if your DNS server is EDNS<br>
compliant they will cause you no harm.<br>
<br>
Just because an EDNS option, flag or version is defined, it doesn't<br>
mean you have to support it. You do however need to correctly<br>
respond to it.<br>
<br>
Mark<br>
<div class="HOEnZb"><div class="h5"><br>
In message &lt;<wbr>CAGq70SK5PmEXTnMqa0Ukt6NDjJ4qB<wbr>k9p6XBRzZH=<a href="mailto:2TwGn3-JRA@mail.gmail.com">2TwGn3-JRA@mail.<wbr>gmail.com</a>&gt;, Russell Langton writes:<br>
><br>
> Hi All,<br>
><br>
> Saw this the other day;<br>
><br>
> <a href="https://azure.microsoft.com/en-us/blog/azure-networking-announcements-for-ignite-2016/" rel="noreferrer" target="_blank">https://azure.microsoft.com/<wbr>en-us/blog/azure-networking-<wbr>announcements-for-ignite-2016/</a><br>
><br>
> "Azure now supports Native IPv6 network connectivity for applications and<br>
> services hosted on Azure Virtual Machines. The demand for IPv6 has never<br>
> been greater with the explosive growth in mobile devices, billions of<br>
> Internet of Things (IOT) devices entering the market, along with new<br>
> compliance regulations. IPv6 has been used by internal Microsoft services<br>
> such as Office 365 for over three years. We are now offering this feature<br>
> to all Azure customers. Native IPv6 connectivity to the virtual machine is<br>
> available for both Windows and Linux VMs."<br>
><br>
> There is a linked page about further details about the load-balancing.<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Mark Andrews, ISC<br>
1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
PHONE: <a href="tel:%2B61%202%209871%204742" value="+61298714742">+61 2 9871 4742</a> INTERNET: <a href="mailto:marka@isc.org">marka@isc.org</a><br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br>
</font></span></blockquote></div><br></div>
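<div>The three handling rules listed in the quoted message (version, option, flags), as an added example that is not part of the original thread or of any ISC code: a server-side sketch of how a query's OPT record would be answered under RFC 6891. The NSID handler, the identifier <code>ns1.example</code>, the sample query bytes and the choice to answer malformed RDATA with FORMERR are assumptions of this sketch.</div>

```python
import struct

SUPPORTED_VERSION = 0      # highest EDNS version this sketch implements
DO = 0x8000                # the only flag bit this sketch understands
FORMERR, BADVERS = 1, 16
# Assumption: the only option understood is NSID (code 3); the identifier is constructed.
HANDLERS = {3: lambda data: b"ns1.example"}

def parse_options(rdata):
    """Split OPT RDATA into (code, data) pairs; ValueError if it is malformed."""
    opts, pos = [], 0
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("option data overruns RDATA")
        opts.append((code, rdata[pos:pos + length]))
        pos += length
    return opts

def respond_to_opt(ttl, rdata):
    """Return (rcode, response OPT TTL, response OPT RDATA) for a query's OPT RR."""
    version = (ttl >> 16) & 0xFF        # OPT TTL = ext-rcode | version | flags
    flags = ttl & 0xFFFF & DO           # flags: unknown bits are dropped, not copied
    if version > SUPPORTED_VERSION:
        # version: BADVERS with our highest version; upper 8 rcode bits go in the TTL
        return BADVERS, ((BADVERS >> 4) << 24) | (SUPPORTED_VERSION << 16) | flags, b""
    try:
        options = parse_options(rdata)
    except ValueError:
        # sketch's choice: malformed RDATA is answered with FORMERR
        return FORMERR, (SUPPORTED_VERSION << 16) | flags, b""
    out = b""
    for code, data in options:
        handler = HANDLERS.get(code)
        if handler is None:
            continue                    # options: unknown ones are ignored, never echoed
        reply = handler(data)
        out += struct.pack("!HH", code, len(reply)) + reply
    return 0, (SUPPORTED_VERSION << 16) | flags, out

# Constructed query: version 0, DO plus an unknown flag, unknown option 65001 plus NSID.
SAMPLE_TTL = 0x8040
SAMPLE_RDATA = bytes.fromhex("fde900020102" "00030000")

if __name__ == "__main__":
    print(respond_to_opt(SAMPLE_TTL, SAMPLE_RDATA))
    print(respond_to_opt((1 << 16) | DO, b""))
```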