our isp not supports EDNS?
Bill Buhlman
billbuhlman at yahoo.com
Tue Jun 22 17:14:36 UTC 2010
another example:
dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2010-06-22 17:11:44 UTC"
"169.199.1.1 sent EDNS buffer size 4096"
"169.199.1.1 DNS reply size limit is at least 3843"
--- On Tue, 6/22/10, Anatoly Pugachev <mator at team.co.ru> wrote:
From: Anatoly Pugachev <mator at team.co.ru>
Subject: Re: our isp not supports EDNS?
To: "Mark Andrews" <marka at isc.org>
Cc: "Jeff Pang" <PANGJ at arcor.de>, bind-users at isc.org
Date: Tuesday, June 22, 2010, 8:58 AM
Mark,
please see below...
On 04.05.2010 / 14:31:25 +1000, Mark Andrews wrote:
>
> In message <y2sf7e964441005031927m7774769ev280156817d8b4d53 at mail.gmail.com>, Je
> ff Pang writes:
> > Hello,
> >
> > Following the discussions in the list, I made a test on one of our
> > servers, which is in an ISP's datacenter.
> >
> > The result is below:
> >
> > $ dig +short rs.dns-oarc.net txt
> > rst.x476.rs.dns-oarc.net.
> > rst.x485.x476.rs.dns-oarc.net.
> > rst.x490.x485.x476.rs.dns-oarc.net.
> > "218.204.255.72 DNS reply size limit is at least 490"
> > "218.204.255.72 lacks EDNS, defaults to 512"
> > "Tested at 2010-05-04 02:23:51 UTC"
> >
> > Does this mean our ISP's filrewall block EDNS query/response?
>
> Maybe / maybe not. It could just mean that the nameserver itself
> doesn't support EDNS.
How bad it is, if providers server doesn't support/make eDNS queries?
Does eDNS support/usage is for DNSSEC protocol only? I mean, that my
collegue propose to use the following statement in named.conf:
server 0.0.0.0/0 {
edns no;
};
in fix to the broken servers, which are doesn't support eDNS queries, for
example ns51 / ns52.domaincontrol.com ( which are hosting a lot of domains
http://www.statsinfinity.com/ns_parent_zone_info/DOMAINCONTROL.COM and dig
+bufsize requests to them are ending with a timeout, so it probably just
firewall'ed for packets more than 512 bytes long).
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100622/203c6e42/attachment.html>
More information about the bind-users
mailing list