Re: [knot-dns-users] Bad cookie problem (was: Inter-operability issues with other DNS Servers)

Hey \o by the same oddity. Actually, I'd think Knot is working it's set up :-D. On dt., nov. 03 2020, Frank Matthieß wrote: This here about badcookie-slip: The value N > 2 means that the server responds to every Nth query with an invalid cookie, the rest of the queries is dropped. https://www.knot-dns.cz/docs/3.0/singlehtml/#badcookie-slip You may want to put this to 2 or 1 if this is an issue for you. So, from my execution: as expected 2 UDP requests time out, and third one gets a BADCOOKIE response "immediately", which in turn triggers a retry with the received cookie and we get the correct response in the end: # kdig -t TXT virtion.cloud @nshp.cloud.vtnx.net +cookie=deadbeefdeadbeef ;; WARNING: response timeout for 5.28.40.210@53(UDP) ;; WARNING: response timeout for 5.28.40.210@53(UDP) ;; ->>HEADER<<- opcode: QUERY; status: BADCOOKIE; id: 45145 ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1 ;; EDNS PSEUDOSECTION: ;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: BADCOOKIE ;; COOKIE: DEADBEEFDEADBEEF010000005FA118A772BC61825609B7C0 ;; QUESTION SECTION: ;; virtion.cloud. IN TXT ;; Received 70 B ;; Time 2020-11-03 09:45:27 CET ;; From 5.28.40.210@53(UDP) in 8.7 ms ;; WARNING: bad cookie from 5.28.40.210@53(UDP), retrying with the received one ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 45152 ;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1 ;; EDNS PSEUDOSECTION: ;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR ;; COOKIE: DEADBEEFDEADBEEF010000005FA118A772BC61825609B7C0 ;; QUESTION SECTION: ;; virtion.cloud. IN TXT ;; ANSWER SECTION: virtion.cloud. 3600 IN TXT "v=spf1 ip4:5.28.40.0/21 mx -all" ;; Received 114 B ;; Time 2020-11-03 09:45:27 CET ;; From 5.28.40.210@53(UDP) in 8.0 ms Cheers, -- Evilham