[BALUG-Admin] NOTIFY should only ever come from

Al awbalug@sunnyside.com
Thu Jun 6 19:13:36 UTC 2024


Rick, Michael,
Now that I've resolved the crazy static-IPv6-have-it-yet-don't snafu,
fixed after 20 tickets and 3 weeks of pain and persistence, I'm ready
to join your ticket(s) on 5353.  First, of course, I want to be certain
that I have it right so when I open a ticket (and link it to yours) I
am describing the right thing.

I think what I'm hearing is that *outbound* 5353 UDP traffic gets NAT-ed
to the modem WAN address and times out because Rick blocks unknown IPs?
This seems to be an issue only over the Comcast network, because no one
else is doing the crazy stuff with 5353.  It only happens on destinations
that are on Comcast but that's just an artifact because we have not tried
other 5353 sites.  Aren't any probably that we know of that are handy?

I assume that understanding may be way off, but that's my opening remark.

I do not get the impression that 5353 is being blocked as an incoming
message by Comcast.
The assumption I think is that this is some sort of undocumented
'feature' of something some bozo thought was helpful regarding mDNS /
Zero Config.
No other ISP we know of seems to have had the same brain fail over this
'helpful' behavior AFAIK.

Also need to know which of the two ticket #s I see mentioned I should join.

Once I hear from you guys whether I have this right, and verify the 
behavior, I'll proceed with tickets.

tnx
Al

On 6/4/2024 22:35, Rick Moen wrote:
> Quoting Michael Paoli (michael.paoli@berkeley.edu):
>
>> Many will, by default, issue NOTIFY from all authoritative nameservers.
>> At first that might seem odd, but, I believe the logic goes about like this:
>> the overhead is low; clients that don't care can/will (mostly) ignore;
>> authoritative (whether primary or secondary) has no way of knowing how
>> other authoritatives downstream of it are configured, so, e.g. some
>> authoritatives may only get their data via other secondary(/ies), and
>> not direct from master, etc.
> Yes, as I was saying, I had a faint recollection that the matter of
> Aaron T. Porter's ns.primate.net issuing NOTIFY for domains on which
> it's secondary, not primary, had come up in some of my earlier efforts
> to puzzle out strange nameserver behaviour.  I just couldn't remember
> exactly how that had unfolded -- other than my obviously having decided
> to take no action.
>
> Obviously it's at worst harmless, and I can/should just add another
> "ignore" line to the logcheck configuration so I stop being told about
> it.  I just was taking a moment to try to figure out whether this is
> deliberate behaviour and why it's there.  Your answer will serve
> splendidly.  Although, I'm bothered that the usual information sources
> don't seem to cover this.
>
> On the third hand, I didn't look _too_ closely, e.g., maybe it's covered
> in the Zytrax's "DNS for Rocket Scientists" or the related dead-tree
> book _Pro DNS and BIND_.
>
> Slightly weird, anyway.



