our isp not supports EDNS?

Mark Andrews marka at isc.org
Tue Jun 22 23:27:35 UTC 2010


In message <20100622155814.GD4877 at puga.deis.gldn.net>, Anatoly Pugachev writes:
> Mark,
> 
> please see below...
> 
> On 04.05.2010 / 14:31:25 +1000, Mark Andrews wrote:
> > 
> > In message <y2sf7e964441005031927m7774769ev280156817d8b4d53 at mail.gmail.com>, Jeff Pang writes:
> > > Hello,
> > > 
> > > Following the discussions in the list, I made a test on one of our
> > > servers, which is in an ISP's datacenter.
> > > 
> > > The result is below:
> > > 
> > > $ dig +short rs.dns-oarc.net txt
> > > rst.x476.rs.dns-oarc.net.
> > > rst.x485.x476.rs.dns-oarc.net.
> > > rst.x490.x485.x476.rs.dns-oarc.net.
> > > "218.204.255.72 DNS reply size limit is at least 490"
> > > "218.204.255.72 lacks EDNS, defaults to 512"
> > > "Tested at 2010-05-04 02:23:51 UTC"
> > > 
> > > Does this mean our ISP's firewall blocks EDNS query/response?
> > 
> > Maybe / maybe not.  It could just mean that the nameserver itself
> > doesn't support EDNS.
> 
> How bad is it if the provider's server doesn't support/make eDNS queries?
> Is eDNS support/usage for the DNSSEC protocol only? I mean, my
> colleague proposes to use the following statement in named.conf:
> 
> server 0.0.0.0/0 {
>         edns no;
> };

You are throwing the baby out with the bath water.   There are very few
servers that respond to EDNS queries with plain DNS responses and named
will still resolve from them despite the broken middleware.  I suggest
that, rather than doing this, you complain to your ISP and have them
trace the fault.
 
Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


