DNSSEC and EDNS behavior
each at isc.org
Thu Oct 20 16:44:28 UTC 2011
> What are the situations (timeouts, FORMERR .. etc) to mark the server
> as unable to speak EDNS0? (add_bad)
named tries to send a query with EDNS(0); if the query fails, it will try
again with EDNS(0) but with the packet size limited to 512 bytes; and if
that fails, it will try again without EDNS(0). If at that point it
succeeds, then it memorizes the formula that worked: it won't try to use
EDNS(0) again with that server for the duration of the server's TTL, or
one day, whichever is shorter.
> How can be server recovered again as EDNS0 capable?
> Only recovery was to flush cache.
I don't think you need to flush the whole cache; 'rndc flushname <name>'
will clear the entry for the affected name server, and should be
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users