turning off EDNS0

Mark Andrews Mark_Andrews at isc.org
Tue Jan 4 00:24:44 UTC 2005


> Mark:
> 
> The upgrade and the -4 option seemed to fix the problem.  I didn't 
> change the edns-udp-size since the firewall test passed.
> 
> I also specified "--enable-threads" in my build of 9.3.0, but I don't 
> know how 9.2.2-P1 was built.  I see 5 named processes in 'ps' when I run 
> 9.2.2-P1.  Does that mean it was built with --enable-threads?

	Read the FAQ that comes w/ BIND9.
 
> Thanks for your help.
> 
> Mark Andrews wrote:
> 
> >>I am running bind version "BIND 9.2.2-P1" and I notice that my query 
> >>times are very long.  When I run Ethereal to see why, I see that initial 
> >>queries are sending the OPT pseudo RR.  Almost every nameserver out 
> >>there responds to this with RCODE "format error" and then bind issues 
> >>another query without this extension.
> >>    
> >>
> >
> >	Actually the majority of servers out there know about EDNS.
> > 
> >  
> >
> >>This is really increasing my resolving time.  I would really like to 
> >>disable this, but apparently I can only do this on a per server basis.
> >>    
> >>
> >
> >	The delays caused by EDNS probes are generally not noticeable to
> >	the end user.
> >
> >	You are most probably seeing the side effects of the addition of
> >	AAAA records for A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET.  This
> >	tickled a bug in BIND 9 (fixed in 9.2.5/9.3.1 out soon).  This also
> >	exposed misconfigured firewalls that incorrectly dropped EDNS
> >	replies bigger than 512 octets.  The EDNS referral to the COM /
> >	NET servers now exceeds 512 octets.
> >
> >	Upgrade to 9.3.0 and run "named -4" to work around the BIND 9
> >	bug.
> >
> >	Upgrade to 9.3.0 and set "edns-udp-size 512;" in options if you
> >	have a broken firewall.  This should be seen as a short term
> >	work-around until you get the firewall fixed.
> >	
> >	You can determine if the firewall is misconfigured if you get
> >	a response to the first query and not to the second query.
> >
> >		dig soa com +norec @a.root-servers.net
> >		dig soa com +norec +bufsize=1024 @a.root-servers.net
> >
> >  
> >
> >>First, I would like to know how to disable this globally (hopefully 
> >>without recompiling).  But something makes me think this is not what I 
> >>want to do.  I just can't believe that ISC would release BIND9 
> >>configured by default to double resolving times.  Am I doing something 
> >>wrong?
> >>
> >>---
> >>Joe Harvell
> >>
> >>
> >>    
> >>
> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> >
> >  
> >
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
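
Added example, not part of the original message or of BIND: a Python sketch of the two-query firewall test quoted above, building the same non-recursive SOA query for com with and without an OPT pseudo-RR advertising 1024 octets. The function names and the wording of the verdicts are assumptions made for this illustration.

```python
import socket
import struct

def build_query(name, qtype=6, bufsize=None, qid=0x1234):
    """Non-recursive query (qtype 6 = SOA); adds an EDNS0 OPT RR if bufsize is set."""
    # Header: ID, flags (RD clear, as with +norec), QDCOUNT=1, AN=0, NS=0, ARCOUNT
    msg = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if bufsize else 0)
    for label in filter(None, name.split(".")):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # end of name, QTYPE, QCLASS=IN
    if bufsize:
        # OPT pseudo-RR: root owner name, TYPE=41, CLASS=advertised UDP size,
        # TTL=extended RCODE/version/flags (zero), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return msg

def ask(server, query, timeout=3.0):
    """Send one UDP query; return the reply length in octets, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return len(s.recvfrom(4096)[0])
        except socket.timeout:
            return None

def classify(plain_len, edns_len):
    """Interpret the two results per the rule in the message."""
    if plain_len is None:
        return "inconclusive: no reply to the plain query either"
    if edns_len is None:
        return "suspect firewall: plain query answered, EDNS query was not"
    if edns_len <= 512:
        return "inconclusive: EDNS reply fit in 512 octets"
    return "ok: EDNS reply larger than 512 octets was received"

if __name__ == "__main__":
    server = "a.root-servers.net"  # server used in the message
    plain = ask(server, build_query("com"))
    edns = ask(server, build_query("com", bufsize=1024))
    print("plain:", plain, "edns:", edns, "->", classify(plain, edns))
```

A single lost UDP packet also shows up as a timeout, so repeat the run before concluding that the firewall is at fault.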


