DNSSEC and EDNS behavior

PPA ppa at qpp.cz
Thu Oct 20 13:49:48 UTC 2011


does anybody know, how BIND running as DNS caching resolver makes
decision for disabling EDNS0 OPT query sent to a certain nameserver it
is talking to?

What are the situations (timeouts, FORMERR .. etc)  to mark the server
as unable to speak EDNS0? (add_bad)

How can be server recovered again as EDNS0 capable?

We got a situation when our authoritative nameserver retuned damaged
data and BIND (BIND 9.7.3-P3 on CentOS 6 2.6.32-71.29.1.el6.i686 32bit)
evaluated it as FORMERR.

After that, it talked to our server without EDNS0 even if there was a
EDNS0 OPT included in the previous response..

Only recovery was to flush cache.

Thanks for replies

Milan Leszkow

More information about the bind-users mailing list