success resolving xxx after disabling EDNS
Greg Choules
gregchoules+bindusers at googlemail.com
Wed May 4 12:34:00 UTC 2022
Hi Veronique.
Every DNS server should support EDNS by now. It has been around for a very
long time. Even if it doesn't support EDNS it should ignore it.
I made some test queries and packet captures to 23.82.12.28. Whatever this
box is, please talk to the manufacturer about EDNS support.
Or.. it may be that some network infrastructure - firewalls are usually the
first place to look - is blocking this traffic.
Whatever is happening at the authoritative end, it needs to be fixed. All
modern recursive servers will use EDNS.
Cheers, Greg
On Wed, 4 May 2022 at 13:13, Veronique Lefebure <veronique.lefebure at cern.ch>
wrote:
> Hello,
>
> If we see this on our DNS server logs (BIND 9.11):
>
> 04-May-2022 12:55:37.675 edns-disabled: info: success resolving '
> sour.woinsta.com/A' (in 'woinsta.com'?) after disabling EDNS
>
> - are we correct to say that with BIND 9.16, that query wil always fail
> because EDNS won't be disabled anymore ?
> - is there any tuning that needs to be done ?
> - with BIND 9.11: how many times does BIND try before disabling EDNS ?
> from what we can see in the logs, BIND seems to first try all NS and as
> they all fail, then it disable EDNS and then retries. Is it correct ?
>
> Thanks,
> Veronique
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220504/59141f82/attachment-0001.htm>
More information about the bind-users
mailing list