Hej! Jag har implementerat tester av DNS Cookies (RFC 7873 / RFC 9018) i gonemaster. Och det är uppenbart att det finns ett problem med kakorna när det gäller uppsättning av Anycast. För .se-zonen märks detta för namnservrarna b.ns.se och c.ns.se. I 14 av 20 tester blir det helt enkelt fel när man försöker använda en kaka. Anledningen är att dessa namnservrar inte synkar HMAC-hemlisar mellan sig. Kanske inte någon jättegrej, men en tydlig förbättringsåtgärd. Specificationen: https://pawal.codeberg.page/gonemaster/specifications/tests/nameserver/names... Vill man se ett resultat i GUI: https://gonemaster.evilbit.de/#/result/OAJB35VX Resultat av 20 körningar av detta testcase med CLI: pawal@dev:~/gonemaster$ for i in {1..20}; do bin/gonemaster --testcase nameserver17 se; done Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.42 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= 3.45 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= 3.40 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "c.ns.se/192.36.135.107". Seconds Level Message ======= ======== ======= 3.49 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107;b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= 3.46 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/192.36.135.107". Seconds Level Message ======= ======== ======= 3.56 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107". Seconds Level Message ======= ======== ======= 3.48 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107;c.ns.se/192.36.135.107;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.38 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= 3.43 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/192.36.135.107". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.47 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= 3.42 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= 3.37 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.50 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.45 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/2001:67c:2554:301::53".