turning off EDNS0

Mark Andrews Mark_Andrews at isc.org
Wed Dec 29 23:45:04 UTC 2004

> I am running bind version "BIND 9.2.2-P1" and I notice that my query 
> times are very long.  When I run Ethereal to see why, I see that initial 
> queries are sending the OPT pseudo RR.  Almost every nameserver out 
> there responds to this with RCODE "format error" and then bind issues 
> another query without this extension.

	Actually the majority of servers out there know about EDNS.

> This is really increasing my resolving time.  I would really like to 
> disable this, but apparently I can only do this on a per server basis.

	The delays caused by EDNS probes are generally not noticeable to
	the end user.

	You are most probably seeing the side effects of the addition of
	tickled a bug in BIND 9 (fixed in 9.2.5/9.3.1 out soon).  This also
	exposed misconfigured firewalls that incorrectly dropped EDNS
	replies bigger than 512 octets.  The EDNS referral to the COM /
	NET servers now exceeds 512 octets.

	Upgrade to 9.3.0 and run "named -4" to work around the BIND 9

	Upgrade to 9.3.0 and set "edns-udp-size 512;" in options if you
	have a broken firewall.  This should be seen as a short term
	work-around until you get the firewall fixed.

	You can determine if the firewall is misconfigured if you get
	a response to the first query and not to the second query.

		dig soa com +norec @a.root-servers.net
		dig soa com +norec +bufsize=1024 @a.root-servers.net

> First, I would like to know how to disable this globally (hopefully 
> without recompiling).  But something makes me think this is not what I 
> want to do.  I just can't believe that ISC would release BIND9 
> configured by default to double resolving times.  Am I doing something 
> wrong?
> ---
> Joe Harvell

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
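
The two dig probes from the reply above, reproduced as an added Python example (not part of the original message and not ISC code) so the check can be scripted and the OPT pseudo-RR seen on the wire. The function names and result labels are illustrative assumptions; the server and zone are the ones used in the dig commands.

```python
import socket
import struct

def build_query(name, qtype=6, bufsize=None, qid=0x1234):
    """DNS query with RD clear (dig +norec); bufsize adds an EDNS0 OPT RR."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if bufsize else 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    query = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (6 = SOA), class IN
    if bufsize:
        # OPT pseudo-RR: root owner name, TYPE 41, CLASS carries the advertised
        # UDP payload size, TTL (ext-rcode/version/flags) zero, empty RDATA.
        query += b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return query

def probe(server, name, bufsize=None, tries=3, timeout=3.0):
    """Return (rcode, reply_length) for the first reply, or None if none arrives."""
    packet = build_query(name, bufsize=bufsize)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):
            s.sendto(packet, (server, 53))
            try:
                data, _addr = s.recvfrom(4096)
            except socket.timeout:
                continue
            if len(data) >= 12 and data[:2] == packet[:2]:
                return data[3] & 0x0F, len(data)
    return None

def diagnose(plain, edns):
    """Interpret the pair of probe results the way the two dig commands are read."""
    if plain is None and edns is None:
        return "unreachable"            # nothing answers; not EDNS-specific
    if plain is None:
        return "inconclusive"           # plain query lost, rerun
    if edns is None:
        return "edns-reply-dropped"     # first answered, second did not
    if edns[0] == 1:
        return "server-lacks-edns"      # FORMERR to the OPT RR
    return "ok"

if __name__ == "__main__":
    server, zone = "a.root-servers.net", "com"   # values from the dig commands above
    print(diagnose(probe(server, zone), probe(server, zone, bufsize=1024)))
```

A result of "edns-reply-dropped" matches the misconfigured-firewall case described in the reply; "server-lacks-edns" matches the FORMERR behaviour described in the quoted question.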
