[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: edns esc blacklisted by google ?

I do have one piece of the response that is returned, which is the RCODE, and I am seeing in our logs that we received a number of responses (notably for d.gcdn.co and cl-ce9dafbe.gcdn.co) where your name servers returned REFUSED (5). I know that some name servers (newer BIND is one) that will return REFUSED in some cases when they will not accept the ECS data (e.g. they will only take zero source-prefix-length, or require that the source prefix match the client's actual IP address, or that it is a routable address, etc. etc.). I can't tell if your name servers are responding with ECS option when they send back REFUSED responses, but I guess that they might not.

NS Name HasECS Status Queries cl-ce9dafbe.gcdn.co. true 5 54 cl-ce9dafbe.gcdn.co. true 5 66 cl-ce9dafbe.gcdn.co. true 5 67 d.gcdn.co. true 5 116 cl-ce9dafbe.gcdn.co. true 5 116 d.gcdn.co. true 5 142 d.gcdn.co. true 5 163 d.gcdn.co. true 5 224 cl-ce9dafbe.gcdn.co. false 5 685 cl-ce9dafbe.gcdn.co. false 5 738 cl-ce9dafbe.gcdn.co. false 5 741 cl-ce9dafbe.gcdn.co. false 5 742 d.gcdn.co. false 5 1543 d.gcdn.co. false 5 1601 d.gcdn.co. false 5 1610 d.gcdn.co. false 5 1647

You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/7bf657b8-36e5-4cb8-9b27-2b12a5d5106d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.