In message <ED450BED-5C57-4B90-A8BD-7160015B893A@puck.nether.net>, Jared Mauch writes:
On Sep 27, 2016, at 12:43 AM, Mark Andrews <marka@isc.org> wrote:
Why not? You call a washing machine mechanic when the washing machine plays up. This is not conceptually different.
Mark,
Your logic is infallible here, but the equivalencies are not. If I drive on the road and it’s bumpy, I would complain to the road people, but some people will take their car to the shop and say it shakes.
When you are a toll-free call away from a complaint, often this barrier of proof is quite high. I recall something that Vijay said when he was still at AOL, if the customer phones in for support they lost all profit on the customer for the lifetime of the customer.
Given that most people make decisions based on lowest cost (which isn’t always lowest or best due to marketing, promos, etc) the barrier for burden of proof is set such that a carrier must prove to a non-technical user it’s their fault.
This proof is tough, not impossible, but look at your EDNS project, the problems are real and often can’t be easily addressed.
Actually, EDNS shows they can be addressed. Firewall vendors are changing the defaults to allow through all packets that match the test classes. DNS vendors are fixing their products to properly handle packets with EDNS extension. DNS hosters are fixing their deployed firewalls and servers.

Soon I'll be asking my local opposition MP if she can ask why the DNS servers for *.gov.au aren't compliant with the standard after reporting to the DNS operators that they are broken. I suspect she will have fun with having more material to fling around.

I'm having to reduce the parallelism of the test runs because the packets are being answered.

Fixing EDNS is basically an education issue. Raise the awareness until it becomes something one can't ignore. Go look at the TLD graphs. Almost all the TLD operators have fixed their firewalls / servers.

If Microsoft and Go Daddy fix their servers most of the incorrect echoing EDNS options and EDNS flags will disappear. Both have been informed. Microsoft about 2 years ago when we let them know that their servers have issues with EDNS, this included both the servers they ship in Windows and the servers answering DNS queries for Microsoft domains. They were reminded a year ago. Go Daddy was informed very recently (via email).

Note that COOKIE is echoed. Also you can't report this to Microsoft using the email address listed below which was designed for reporting issues like this. Microsoft wants you to create an account or use Twitter (which also requires an account to be created).

You will note the DNS COOKIES are on by default. BIND 9.11.0 will be sending its queries with a DNS COOKIE option present. All your servers need to cope.

% dig boimi.gov. @ns1-06.azure-dns.com soa

; <<>> DiG 9.11.0rc2 <<>> boimi.gov. @ns1-06.azure-dns.com soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54172
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
; COOKIE: ddcbdd73de5d5ef8 (echoed)
;; QUESTION SECTION:
;boimi.gov. IN SOA

;; ANSWER SECTION:
boimi.gov. 3600 IN SOA ns1-06.azure-dns.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300

;; ADDITIONAL SECTION:
ns1-06.azure-dns.com. 3600 IN A 40.90.4.6

;; Query time: 141 msec
;; SERVER: 40.90.4.6#53(40.90.4.6)
;; WHEN: Wed Sep 28 07:11:15 EST 2016
;; MSG SIZE rcvd: 152

%
% dig microsoft.com @ns1.msft.net

; <<>> DiG 9.11.0rc2 <<>> microsoft.com @ns1.msft.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 7450
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5a294c21d4ac66a3 (echoed)
;; QUESTION SECTION:
;microsoft.com. IN A

;; Query time: 269 msec
;; SERVER: 2620:0:30::53#53(2620:0:30::53)
;; WHEN: Wed Sep 28 07:05:34 EST 2016
;; MSG SIZE rcvd: 54

% dig microsoft.com @ns1.msft.net +nocookie

; <<>> DiG 9.11.0rc2 <<>> microsoft.com @ns1.msft.net +nocookie
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26221
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;microsoft.com. IN A

;; ANSWER SECTION:
microsoft.com. 3600 IN A 23.96.52.53
microsoft.com. 3600 IN A 191.239.213.197
microsoft.com. 3600 IN A 104.40.211.35
microsoft.com. 3600 IN A 104.43.195.251
microsoft.com. 3600 IN A 23.100.122.175

;; Query time: 425 msec
;; SERVER: 2620:0:30::53#53(2620:0:30::53)
;; WHEN: Wed Sep 28 07:05:39 EST 2016
;; MSG SIZE rcvd: 122

%

Mark
- Jared

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
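
The COOKIE handling visible in the dig output above can be checked directly on the wire. The following is an added example, not part of the original message or of any ISC tool: it pulls the COOKIE option (code 10, RFC 7873) out of a response's OPT record and separates an echoed client cookie from a response that carries a server cookie. The function names, the `sample` builder and the cookie value are constructed for illustration.

```python
import struct

OPT, COOKIE = 41, 10          # OPT RR type (RFC 6891), COOKIE option code (RFC 7873)
RCODES = {0: "NOERROR", 1: "FORMERR"}

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def response_cookie(msg):
    """Return (rcode, COOKIE option bytes or None) from a wire-format response."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, cookie = 12, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        p = 0
        while rtype == OPT and p + 4 <= len(rdata):   # walk the EDNS options
            code, olen = struct.unpack("!HH", rdata[p:p + 4])
            if code == COOKIE:
                cookie = rdata[p + 4:p + 4 + olen]
            p += 4 + olen
    return flags & 0xF, cookie            # low 4 RCODE bits from the header

def classify(msg, client_cookie):
    """Describe how the server treated the 8-byte client cookie we sent."""
    rcode, cookie = response_cookie(msg)
    status = RCODES.get(rcode, f"RCODE {rcode}")
    if cookie is None:
        return f"{status}: no COOKIE in response"
    if cookie == client_cookie:           # same 8 bytes back, nothing appended
        return f"{status}: COOKIE echoed, no server cookie"
    if cookie[:8] == client_cookie and 16 <= len(cookie) <= 40:
        return f"{status}: server cookie present"
    return f"{status}: malformed COOKIE"

def sample(rcode, cookie):
    """Constructed response: one question plus an OPT RR (cookie=None omits the option)."""
    opt = b"" if cookie is None else struct.pack("!HH", COOKIE, len(cookie)) + cookie
    return (struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, 0, 0, 1)
            + b"\x07example\x00" + struct.pack("!HH", 1, 1)
            + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, len(opt)) + opt)

CLIENT = bytes.fromhex("0123456789abcdef")   # constructed client cookie
```

`classify(sample(1, CLIENT), CLIENT)` reproduces the FORMERR-plus-echoed combination from the second query above; the parser does no bounds checking, so wrap it in error handling before feeding it captured traffic.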