Algorithm 'When to use EDNS0'?

Mark Elkins mje at
Tue Nov 29 13:36:47 UTC 2011

I'm Running Bind 9.7.3-P3 (Gentoo build)...

When does 'EDNS' get brought into the picture?
A 'dig' with '+dnssec' works just fine (more than 512 bytes over udp) -
but a dig without '+dnssec' and actually asking for the 'dnskey' records
for a domain - which is over 512 bytes - does a "Truncated, retrying in
TCP Mode" on me - even when asking "localhost".

I thought that EDNS0 was negotiated or pretty much the default and didn't
have to be kicked into action???? Is this some sort of safety default
feature I need to de-activate via named.conf (which has no mention of
EDNS anything)

I'd honestly never noticed this before...
  .  .     ___. .__      Posix Systems - (South) Africa
 /| /|       / /__       mje at  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
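
As an added example (not part of the original post): EDNS0 is signalled per query by an OPT pseudo-record in the additional section (RFC 6891), and a query without one limits the UDP response to 512 bytes. The Python below builds a DNSKEY query with and without OPT and derives the limit a responder would apply; the domain, the function names and the 900-byte response size are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, edns_size=None, do_bit=False, qid=0x1234):
    """Build a query; if edns_size is given, append an OPT pseudo-RR."""
    arcount = 1 if edns_size is not None else 0
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD flag set
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)      # class IN
    if edns_size is not None:
        flags = 0x8000 if do_bit else 0  # TTL field: ext-rcode, version, DO, Z
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, flags, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += n + 1

def udp_limit(query):
    """Return (max UDP response size, DO bit) as a responder reads the query."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4           # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:                           # OPT found: EDNS0 in use
            return max(rclass, 512), bool(ttl & 0x8000)
    return 512, False                             # no OPT: classic 512-byte limit

def must_truncate(query, response_len):
    """True if a response of response_len bytes needs TC=1 over UDP."""
    return response_len > udp_limit(query)[0]

if __name__ == "__main__":
    for q in (build_query("example.com", 48),                  # DNSKEY, no OPT
              build_query("example.com", 48, 4096, True)):     # OPT, DO set
        print(udp_limit(q), "truncate 900-byte answer:", must_truncate(q, 900))
```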