Jonathan de Boyne Pollard J.deBoynePollard at Tesco.NET
Thu Nov 18 04:43:34 UTC 2004

LK> Is it possible to have a DNS server configured to not
LK> work with DNS servers that don't support EDNS?

It is.  I wrote a resolving proxy DNS server that (at one point) did 
exactly that.  Its utility was less than stellar; since the set of DNS 
servers that don't support EDNS0 includes (amongst *many* others) the 
"com." and "net." content DNS servers.  Excluding all such servers 
renders vast swathes of the DNS namespace (including "com.", "net.", and 
everything beneath them) unresolvable at a stroke.

Partly because it *would* result in such a small world, no proxy DNS 
server software (that I know of) has the capability of being configured 
to use EDNS0 exclusively, without falling back to the standard protocol 
- although I did idly consider making that a configurable option in the 
one that I wrote.

Indeed, given the current lack of EDNS0 support by public content DNS 
servers, even supporting EDNS0 *with* fallback in a resolving proxy DNS 
server has little to no benefit.  The gain from losing the DNS/TCP 
setup/teardown overhead in the minor subset of cases where TCP fallback 
would otherwise be used is greatly diminished by the loss incurred by 
the concomitant increase in DNS/UDP traffic for all lookups across the 
board due to the failed probes to all of the public content DNS servers 
that don't support EDNS0.  And that's not to mention the well-known 
problem with broken firewalls and EDNS0/UDP.  As a consequence, in 
contrast: DNS server softwares *do* have capabilities to be configured 
to not use EDNS0 at all.  (-:

Of course, supporting EDNS0 in content DNS servers does not have the 
drawback of the extra probe datagram traffic.  It's also simpler to 
implement than supporting EDNS0 in resolving proxy DNS servers.  The 
irony is that if everyone merely did only the easy part, of implementing 
EDNS0 support in their content DNS servers (even if only to support 
DNS/UDP datagram sizes up to 512 octets), the current situation for the 
resolving proxy DNS servers that attempt to use EDNS0 would be much 

More information about the bind-users mailing list