Hi, This software might be of interest for DNS anycast providers (or customers) which are running BIND. With BIND 9.11 and newer DNS Cookies are enabled **automatically**.
While I was searching for software to check DNS Cookies and I didn't find anything. Therefore I wrote this small Perl script to check DNS anycast instances (over their mgmt-ip) for synchronized DNS Cookies: https://github.com/stasic/dns-cookies/ If DNS Cookies are not the same between different DNS anycast instances it may cause warnings and intermittent query retries. Therefore I suggest either synchronize them or disable them. ISC addressed this issue in their knowledge base: https://kb.isc.org/docs/dns-cookies-on-servers-in-anycast-clusters happy cookie gathering Arsen
signature.asc
Description: PGP signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
