Retourner à l'accueil du site  
Design:
Accueil
Actu Freenews
FAQ
Forums
Glossaire
Etat du réseau
Dossiers
Dialogue en direct
Liens ADUF
Newsletter
Livre d'or
Statistiques
A propos de l'ADUF
Le domaine hd.Free.fr pas complètement compatible avec EDNS
 Aller en bas de la page
ADUF Index du Forum » Freebox dégroupé
Répondre au sujet Voir le sujet précédent : Voir le sujet suivant 
MessagePosté le: Mardi 5 Février 2019 17:12:25 Numéro présent dans le profil, mais problème de récupération des caractéristiques de la ligne Répondre en citantReporter le post à l'équipe de modération
philbach
(Auteur du topic)
 Habitué
Habitué

Hors-ligne
Inscrit le : 23 Déc 2004
Messages : 259
Sexe :

Forfait : Freebox Optique
Freebox : N/A




j'ai testé la compatibilité avec EDNS ici

https://dnsflagday.net

voici le compte-rendu

hd.Free.fr: Minor problems detected!

This domain is going to work after February 1st 2019.
This domain does not support latest DNS standards:
As a consequence this domain cannot support the latest security features and might be an easier target for network attackers than necessary.
These imperfections might cause problems in the future.
Administrators - it is recommended to fix problems mentioned in the technical report below to avoid compatibility problems in the future. Please see description for DNS admins. Thank you for cooperation!

technical report https://ednscomp.isc.org/ednscomp/7b957aceba

EDNS Compliance Tester
Checking: 'hd.Free.fr' as at 2019-02-05T16:00:39Z

hd.Free.fr. @213.228.58.42 (ns2-rev.proxad.net.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid (ns2-rev-d10-1)

hd.Free.fr. @213.228.57.42 (ns3-rev.proxad.net.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid (ns3-rev-i12-1)
The Following Tests Failed

Warning: test failures may indicate that some DNS clients cannot resolve the zone or will get a unintended answer or resolution will be slower than necessary.

Warning: failure to address issues identified here may make future DNS extensions that you want to use ineffective. In particular echoing back unknown EDNS options and unknown EDNS flags will break future signaling between DNS client and DNS server. We already have examples of this where you cannot depend on the AD flag bit meaning anything in replies because too many DNS servers just echo it back. Similarly the EDNS Client Subnet (ECS) option cannot just be sent to everyone in part because of servers just echoing it back.

EDNS - Unknown Version Handling (edns1)

dig +nocookie +norec +noad +edns=1 +noednsneg soa zone @server
expect: BADVERS
expect: OPT record with version set to 0
expect: not to see SOA
See RFC6891, 6.1.3. OPT Record TTL Field Use
EDNS - Unknown Version with Unknown Option Handling (edns1opt)

dig +nocookie +norec +noad +edns=1 +noednsneg +ednsopt=100 soa zone @server
expect: BADVERS
expect: OPT record with version set to 0
expect: not to see SOA
expect: that the option will not be present in response
See RFC6891

Codes

ok - test passed.
nsid - NSID supported [RFC5001].
soa - SOA record found when not expected.
noerror - rcode NOERROR returned when not expected.
badversion - inconsistent EDNS version returned.

To retrieve this report in the future: https://ednscomp.isc.org/ednscomp/7b957aceba

The source code for the tester can be downloaded from ISC Open Source Projects / DNS-Compliance-Testing.

For more information about EDNS please see the main site.
Voir le profil de l'utilisateur Envoyer un message privé
 ADUF Index du Forum »  Freebox dégroupé Aller en haut de la page
Toutes les heures sont à l'heure légale française  
Page 1 sur 1  
  
Sauter vers:  
Répondre au sujet  


Déclaration CNIL n°1012304 Partiellement basé sur phpBB © 2001, 2006 phpBB Group Traduction par : phpBB-fr.com