DNSSEC and EDNS behavior

Evan Hunt each at isc.org
Thu Oct 20 16:44:28 UTC 2011


> What are the situations (timeouts, FORMERR .. etc)  to mark the server
> as unable to speak EDNS0? (add_bad)

named tries to send a query with EDNS(0); if the query fails, it will try
again with EDNS(0) but with the packet size limited to 512 bytes; and if
that fails, it will try again without EDNS(0).  If at that point it
succeeds, then it memorizes the formula that worked: it won't try to use
EDNS(0) again with that server for the duration of the server's TTL, or
one day, whichever is shorter.

> How can the server be recovered again as EDNS0 capable?
[...]
> Only recovery was to flush cache.

I don't think you need to flush the whole cache; 'rndc flushname <name>'
will clear the entry for the affected name server, and should be
sufficient.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
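
The fallback and memory behavior described in the reply above, as an added Python model; it is not part of the original message and is not BIND's code. It shows the failure mode behind the question: two replies lost in transit are enough to leave an EDNS-capable server marked as non-EDNS (so DNSSEC records, which need EDNS, cannot be requested from it) until the entry ages out or is flushed. The class and callback names, the server name, and the 4096-byte first attempt are assumptions.

```python
import time
DAY = 86400
# Attempt order from the reply: (use_edns, udp_size). 4096 is an assumed first size.
LADDER = [(True, 4096), (True, 512), (False, 512)]

class EdnsMemo:
    """Toy model of the per-server "no EDNS" memory; not BIND's code."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.no_edns = {}  # server name -> time the entry expires

    def edns_allowed(self, server):
        exp = self.no_edns.get(server)
        if exp is not None and self.clock() >= exp:
            del self.no_edns[server]  # aged out: EDNS gets tried again
            return True
        return exp is None

    def query(self, server, send, server_ttl):
        """send(server, use_edns, size) -> bool is a hypothetical transport callback."""
        full = self.edns_allowed(server)
        for use_edns, size in (LADDER if full else LADDER[-1:]):
            if send(server, use_edns, size):
                if full and not use_edns:
                    # Plain DNS worked after both EDNS tries failed: memorize.
                    self.no_edns[server] = self.clock() + min(server_ttl, DAY)
                return use_edns  # True/False: whether EDNS was used
        return None  # every attempt failed

    def flushname(self, server):
        """Models the effect of 'rndc flushname <name>': drop the entry."""
        self.no_edns.pop(server, None)

def demo():
    """Constructed case: EDNS-capable server, first two replies lost in transit."""
    lost = [2]
    def send(server, use_edns, size):
        lost[0] -= 1
        return lost[0] < 0
    memo = EdnsMemo(clock=lambda: 0.0)
    ns = "ns1.example.net"  # constructed name
    results = [memo.query(ns, send, 3600)]       # falls back, memorizes
    results.append(memo.query(ns, send, 3600))   # EDNS not even attempted
    memo.flushname(ns)
    results.append(memo.query(ns, send, 3600))   # EDNS works again
    return results

if __name__ == "__main__":
    print(demo())
```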


