success resolving xxx after disabling EDNS
Veronique Lefebure
veronique.lefebure at cern.ch
Wed May 4 14:17:40 UTC 2022
Thanks Greg and Ondrej,
Many thanks for the pointer to DNS Cookies in BIND 9 (isc.org) https://kb.isc.org/docs/aa-01387
I have used https://ednscomp.isc.org/ednscomp/1ba42afa27 to check if they are compliant, but the answer is ambiguous:
EDNS Compliance Tester
Checking: 'sour.woinsta.com' as at 2022-05-04T13:45:39Z
sour.woinsta.com.: NS lookup failed
Codes
* ok - test passed.
Anyway, from what you have seen you are suspecting that the problem is on the woinsta.com side and not on our side ?
The following indeed indicates a problem related to cookies:
dig @ns1.thednscloud.com. +nocookie sour.woinsta.com A +short
23.82.12.29
while
dig @ns1.thednscloud.com. +cookie sour.woinsta.com A +short
; <<>> DiG 9.11.36 <<>> @ns1.thednscloud.com. +cookie sour.woinsta.com A +short
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
I will try send-cookie no for that server to confirm it is the source of the issue.
Cheers,
Veronique
> On 04/05/2022 14:34 Greg Choules <gregchoules+bindusers at googlemail.com> wrote:
>
>
> Hi Veronique.
> Every DNS server should support EDNS by now. It has been around for a very long time. Even if it doesn't support EDNS it should ignore it.
>
> I made some test queries and packet captures to 23.82.12.28. Whatever this box is, please talk to the manufacturer about EDNS support.
> Or.. it may be that some network infrastructure - firewalls are usually the first place to look - is blocking this traffic.
>
> Whatever is happening at the authoritative end, it needs to be fixed. All modern recursive servers will use EDNS.
>
> Cheers, Greg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220504/0ba4bc4a/attachment.htm>
More information about the bind-users
mailing list