success resolving xxx after disabling EDNS

Petr Špaček pspacek at isc.org
Wed May 4 13:20:15 UTC 2022 

On 04. 05. 22 14:34, Greg Choules via bind-users wrote:
> Hi Veronique.
> Every DNS server should support EDNS by now. It has been around for a 
> very long time. Even if it doesn't support EDNS it should ignore it.
> 
> I made some test queries and packet captures to 23.82.12.28. Whatever 
> this box is, please talk to the manufacturer about EDNS support.
> Or.. it may be that some network infrastructure - firewalls are usually 
> the first place to look - is blocking this traffic.
> 
> Whatever is happening at the authoritative end, it needs to be fixed. 
> All modern recursive servers will use EDNS.

After all EDNS is from 1999 ...

The name servers for this domain have more problems to fix as well:

https://dnsviz.net/d/woinsta.com/YnJ6tQ/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=

Petr Špaček


> 
> Cheers, Greg
> 
> On Wed, 4 May 2022 at 13:13, Veronique Lefebure 
> <veronique.lefebure at cern.ch <mailto:veronique.lefebure at cern.ch>> wrote:
> 
>     __
>     Hello,
> 
>     If we see this on our DNS server logs (BIND 9.11):
> 
>     04-May-2022 12:55:37.675 edns-disabled: info: success resolving
>     'sour.woinsta.com/A <http://sour.woinsta.com/A>' (in 'woinsta.com
>     <http://woinsta.com>'?) after disabling EDNS
> 
>     - are we correct to say that with BIND 9.16, that query wil always
>     fail because EDNS won't be disabled anymore ?
>     - is there any tuning that needs to be done ?
>     - with BIND 9.11: how many times does BIND try before disabling EDNS
>     ? from what we can see in the logs, BIND seems to first try all NS
>     and as they all fail, then it disable EDNS and then retries. Is it
>     correct ?
> 
>     Thanks,
>     Veronique
>     -- 
>     Visit https://lists.isc.org/mailman/listinfo/bind-users
>     <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe
>     from this list
> 
>     ISC funds the development of this software with paid support
>     subscriptions. Contact us at https://www.isc.org/contact/
>     <https://www.isc.org/contact/> for more information.
> 
> 
>     bind-users mailing list
>     bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>     https://lists.isc.org/mailman/listinfo/bind-users
>     <https://lists.isc.org/mailman/listinfo/bind-users>
> 
> 


-- 
Petr Špaček

More information about the bind-users mailing list