Hej Patrik! Alltid kul med utveckling och alltid springer man in i något! :-) Såsom dinosaurius technicus för DNS-tjänsten på b.ns.se och c.ns.se, så kan jag bekräfta att de inte synkar kakor mellan sig, men jag är inte riktigt med på varför det skapar problem. Låt mig påminna mig lite hur kakor skall funka och kolla lite på hur vi faktiskt gör och återkomma. Om vi gör fel får vi försöka fixa. Glada hälsningar /Liman #---------------------------------------------------------------------- # Lars-Johan Liman, M.Sc. ! E-mail: liman@netnod.se # Senior Systems Specialist ! Mobile: +46 708 - 54 06 66 # Netnod AB, Stockholm ! https://www.netnod.se/ #---------------------------------------------------------------------- ns.se@lists.iis.se 2026-06-24 11:56 [+0200]:
Hej!
Jag har implementerat tester av DNS Cookies (RFC 7873 / RFC 9018) i gonemaster. Och det är uppenbart att det finns ett problem med kakorna när det gäller uppsättning av Anycast. För .se-zonen märks detta för namnservrarna b.ns.se och c.ns.se. I 14 av 20 tester blir det helt enkelt fel när man försöker använda en kaka. Anledningen är att dessa namnservrar inte synkar HMAC-hemlisar mellan sig.
Kanske inte någon jättegrej, men en tydlig förbättringsåtgärd.
Specificationen: https://pawal.codeberg.page/gonemaster/specifications/tests/nameserver/names...
Vill man se ett resultat i GUI: https://gonemaster.evilbit.de/#/result/OAJB35VX
Resultat av 20 körningar av detta testcase med CLI:
pawal@dev:~/gonemaster$ for i in {1..20}; do bin/gonemaster --testcase nameserver17 se; done Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.42 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= 3.45 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= 3.40 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "c.ns.se/192.36.135.107". Seconds Level Message ======= ======== ======= 3.49 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107;b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= 3.46 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/192.36.135.107". Seconds Level Message ======= ======== ======= 3.56 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107". Seconds Level Message ======= ======== ======= 3.48 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107;c.ns.se/192.36.135.107;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.38 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/192.36.133.107;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= 3.43 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/192.36.135.107". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.47 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= 3.42 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= 3.37 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.50 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "c.ns.se/2001:67c:2554:301::53". Seconds Level Message ======= ======== ======= Looks OK. Seconds Level Message ======= ======== ======= 3.45 WARNING The following name server(s) rejected with BADCOOKIE, even after a retry, a Server Cookie they had just issued (RFC 7873): "b.ns.se/2001:67c:254c:301::53;c.ns.se/2001:67c:2554:301::53". -- Ns.se mailing list -- ns.se@lists.iis.se To unsubscribe send an email to ns.se-leave@lists.iis.se