EDNS
Jonathan de Boyne Pollard
J.deBoynePollard at Tesco.NET
Thu Nov 18 04:43:34 UTC 2004

LK> Is it possible to have a DNS server configured to not
LK> work with DNS servers that don't support EDNS?

It is. I wrote a resolving proxy DNS server that (at one point) did
exactly that. Its utility was less than stellar, since the set of DNS
servers that don't support EDNS0 includes (amongst *many* others) the
"com." and "net." content DNS servers. Excluding all such servers
renders vast swathes of the DNS namespace (including "com.", "net.", and
everything beneath them) unresolvable at a stroke.

Partly because it *would* result in such a small world, no proxy DNS
server software (that I know of) has the capability of being configured
to use EDNS0 exclusively, without falling back to the standard protocol
- although I did idly consider making that a configurable option in the
one that I wrote.

Indeed, given the current lack of EDNS0 support by public content DNS
servers, even supporting EDNS0 *with* fallback in a resolving proxy DNS
server has little to no benefit. The gain from losing the DNS/TCP
setup/teardown overhead in the minor subset of cases where TCP fallback
would otherwise be used is greatly diminished by the loss incurred by
the concomitant increase in DNS/UDP traffic for all lookups across the
board due to the failed probes to all of the public content DNS servers
that don't support EDNS0. And that's not to mention the well-known
problem with broken firewalls and EDNS0/UDP. As a consequence, in
contrast: DNS server softwares *do* have capabilities to be configured
to not use EDNS0 at all. (-:

Of course, supporting EDNS0 in content DNS servers does not have the
drawback of the extra probe datagram traffic. It's also simpler to
implement than supporting EDNS0 in resolving proxy DNS servers. The
irony is that if everyone merely did only the easy part, of implementing
EDNS0 support in their content DNS servers (even if only to support
DNS/UDP datagram sizes up to 512 octets), the current situation for the
resolving proxy DNS servers that attempt to use EDNS0 would be much
improved.
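
Added example, not part of the original post: a sketch of the EDNS0 probe and fallback decision discussed above, showing the OPT pseudo-RR a resolving proxy appends and how the reply tells it whether the probe datagram was wasted. The function names and sample replies are constructed for illustration, and treating FORMERR and NOTIMP as the "no EDNS0" signals is an assumption of this sketch.

```python
import struct

OPT, FORMERR, NOTIMP = 41, 1, 4   # RR type 41 = OPT; RCODEs 1 and 4

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype=1, qid=0x1234, edns_size=None):
    """Standard query; with edns_size set, append the EDNS0 OPT pseudo-RR."""
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns_size:
        # root owner name, TYPE=OPT, CLASS=UDP payload size,
        # TTL=extended-rcode/version/flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:    # compression pointer ends the name
            return off + 2
        off += 1 + n

def probe_verdict(resp):
    """Classify the reply to an EDNS0 probe (hypothetical helper)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    off, has_opt = 12, False
    for _ in range(qd):
        off = skip_name(resp, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(resp, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        has_opt = has_opt or rtype == OPT
    if has_opt:
        return "edns0"
    # No OPT echoed: an error RCODE means the probe was wasted, resend plain
    return "resend-plain" if (flags & 0xF) in (FORMERR, NOTIMP) else "plain-answer"

# Constructed sample replies (not captured traffic) to a probe for example.com A
Q = encode_name("example.com") + struct.pack("!HH", 1, 1)
A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
LEGACY_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8101, 1, 0, 0, 0) + Q
EDNS_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 1) + Q + A_RR
              + b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0))
IGNORED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0) + Q + A_RR
```

A "resend-plain" verdict is the failed-probe case: one extra UDP round trip per server that lacks EDNS0.
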
More information about the bind-users
mailing list