[DNS] testing EDNS

From: Danny Thomas <d.thomas§its.uq.edu.au>
Date: Sat, 25 Oct 2008 10:29:53 +1000
Anand Kumria wrote:
> Hi,
>
> I've upgraded my nameservers to Bind 9.5 and am now receiving many
> instances of an error message complaining that a particular DNS server
> does not have EDNS enabled.
>
> Amongst them were the .au (and other sub-domains); does anyone know if
> EDNS is enabled for the .au nameservers?
>
> Does anyone have a good way to test that EDNS is working end-to-end?
>   
suspect you simply want to stop logging these
here's the relevant section of our named.conf logging stanza

        # [DMT 21-Jul-2008] have been logging a lot of these after update to
        # 9.5 which always tries EDNS. Most if not all come from queries failing
        # such as "no servers could be reached". See description in ARM where
        # the lack of response is currently not treated as packet loss, but as
        # coming from servers not responding (with a FORMERR) when receiving
        # something they don't understand, like EDNS. So I don't think we miss
        # anything by not logging these.
        # http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/cfa8c63ec6bd08d6
        category edns-disabled { null; };

NB I tried Mark Andrews' tests for firewall/NAT problems
and saw no issue. For about 20 entries appearing in our logs,
I tried a manual dns lookup and nearly all resulted in "no servers
could be reached", i.e. bad packet loss or lame delegations.

Danny
Received on Fri Oct 24 2008 - 17:29:53 UTC
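
Added example, not part of the original message or of BIND: one way to check EDNS per server is to send a query carrying an OPT record and separate "no reply at all" (the case the message above attributes most of the log entries to) from a FORMERR or a plain-DNS reply. All function names are hypothetical, the sample replies are constructed rather than captured, and probe() assumes a trusted path since it does not verify the reply's source or transaction ID.

```python
import socket, struct

OPT = 41  # EDNS0 OPT pseudo-RR type (RFC 6891)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_edns_query(name, qtype=2, udp_size=4096, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # qtype 2 = NS, class IN
    # OPT RR: root owner, TYPE=41, CLASS=UDP payload size, TTL=0 (version 0), RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)

def skip_name(pkt, off):
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)  # compression pointer is 2 bytes, root label is 1

def classify_response(pkt):
    """Return 'timeout', 'edns', 'formerr' or 'no-opt' for a raw reply (None = no reply)."""
    if pkt is None:
        return "timeout"  # ambiguous: packet loss, lame delegation or a filtered query
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QNAME, QTYPE, QCLASS
    has_opt = False
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        has_opt = has_opt or rtype == OPT
    return "edns" if has_opt else ("formerr" if flags & 0xF == 1 else "no-opt")

def probe(server, name, timeout=3.0):  # live check over UDP; needs network access
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (server, 53))
        try:
            return classify_response(s.recv(4096))
        except socket.timeout:
            return "timeout"

def constructed_reply(query, rcode, keep_opt):
    """Constructed sample reply derived from our own query (not captured traffic)."""
    txid, _, qd, _, _, ar = struct.unpack("!HHHHHH", query[:12])
    body = query[12:] if keep_opt else query[12:-11]  # the OPT RR is the last 11 bytes
    return struct.pack("!HHHHHH", txid, 0x8000 | rcode, qd, 0, 0, ar if keep_opt else 0) + body
```

A "timeout" result repeated over several tries points at reachability (packet loss, lame delegation, filtering) rather than at EDNS itself, whereas "formerr" or "no-opt" means the server answered but did not speak EDNS.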
