Rick, Michael,

Now that I've resolved the crazy static-IPv6-have-it-yet-don't snafu, fixed after 20 tickets and 3 weeks of pain and persistence, I'm ready to join your ticket(s) on 5353. First, of course, I want to be certain that I have it right so when I open a ticket (and link it to yours) I am describing the right thing.
I think what I'm hearing is that *outbound* 5353 UDP traffic gets NAT-ed to the modem WAN address and times out because Rick blocks unknown IPs? This seems to be an issue only over the Comcast network, because no one else is doing the crazy stuff with 5353. It only happens on destinations that are on Comcast but that's just an artifact because we have not tried other 5353 sites. Aren't any probably that we know of that are handy?
I assume that understanding may be way off, but that's my opening remark.
I do not get the impression that 5353 is being blocked as an incoming message by Comcast. The assumption I think is that this is some sort of undocumented 'feature' of something some bozo thought was helpful regarding MDNS / Zero Config. No other ISP we know of seems to have had the same brain fail over this 'helpful' behavior AFAIK.
Also need to know which of the two ticket #s I see mentioned I should join.
Once I hear from you guys whether I have this right, and verify the behavior, I'll proceed with tickets.
tnx
Al
On 6/4/2024 22:35, Rick Moen wrote:
Quoting Michael Paoli (michael.paoli@berkeley.edu):
Many will, by default, issue NOTIFY from all authoritative nameservers. At first that might seem odd, but, I believe the logic goes about like this:
- the overhead is low
- clients that don't care can/will (mostly) ignore
- authoritative (whether primary or secondary) has no way of knowing how other authoritatives downstream of it are configured, so, e.g. some authoritatives may only get their data via other secondary(/ies), and not direct from master, etc.
Yes, as I was saying, I had a faint recollection that the matter of Aaron T. Porter's ns.primate.net issuing NOTIFY for domains on which it's secondary, not primary, had come up in some of my earlier efforts to puzzle out strange nameserver behaviour. I just couldn't remember exactly how that had unfolded -- other than my obviously having decided to take no action.
Obviously it's at worst harmless, and I can/should just add another "ignore" line to the logcheck configuration so I stop being told about it. I just was taking a moment to try to figure out whether this is deliberate behaviour and why it's there. Your answer will serve splendidly. Although, I'm bothered that the usual information sources don't seem to cover this.
On the third hand, I didn't look _too_ closely, e.g., maybe it's covered in the Zytrax's "DNS for Rocket Scientists" or the related dead-tree book _Pro DNS and BIND_.
Slightly weird, anyway.
BALUG-Admin mailing list BALUG-Admin@lists.balug.org https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin