getting edns disabling message in logs

Michael Hoskins (michoski) michoski at cisco.com
Wed Jul 4 19:14:33 UTC 2012


-----Original Message-----

From: Tony Finch <dot at dotat.at>
Date: Wednesday, July 4, 2012 7:54 AM
To: Cathy Almond <cathya at isc.org>
Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: getting edns disabling message in logs

>Cathy Almond <cathya at isc.org> wrote:
>>
>> 
>> https://kb.isc.org/article/AA-00708/55/Why-does-BIND-log-messages-about-disabling-EDNS-or-reducing-the-advertised-packet-size
>>
>> (Just created, so apologies if there are any typos or other editorial
>> corrections needed - they will happen later)
>
>I suggest "middlebox" since "middleware" usually means something like a
>horrific enterprisey web services message bus framework.

i think you could just leave out middleware entirely in that sentence. :)

>> > Is there any way that we can show that current disabling EDNS happens
>> > by firewall issue ?
>>
>> That's a bit tricky, if what's broken is not in your network space.  On
>> the other hand, if you're getting this reported for every domain that is
>> queried, then it's probably *your* problem.
>
>Try the DNS-OARC reply size test server.
>https://www.dns-oarc.net/oarc/services/replysizetest/

thanks, this is quite useful.  i'd always just issued queries for common
domains i know aren't misconfigured (e.g. google) -- when it's a local
firewall problem many of these log obvious errors.

there was a default configuration in many legacy cisco appliances that
caused issues, but defaults were updated a while back on newer gear so it's
become less of an issue for me.

https://supportforums.cisco.com/thread/2013390
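
Added example, not part of the original message: Python that applies the rule of thumb quoted above (fallback reported for every domain points at your own network path) to resolver log lines in the `edns-disabled` category. The `min_zones` threshold, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The two resolver messages named in the KB article title, as BIND 9 logs
# them under the "edns-disabled" category.
FALLBACK = re.compile(
    r"success resolving '(?P<name>[^']+)/(?P<rtype>[A-Z0-9]+)' "
    r"\(in '(?P<zone>[^']+)'\?\) after (?:disabling EDNS|reducing the "
    r"advertised EDNS UDP packet size to (?P<size>\d+) octets)"
)

# Constructed sample logs (example domains, not taken from the thread).
ONE_ZONE = """\
04-Jul-2012 19:01:02.113 edns-disabled: info: success resolving 'www.example.net/A' (in 'example.net'?) after disabling EDNS
04-Jul-2012 19:01:09.480 edns-disabled: info: success resolving 'mail.example.net/MX' (in 'example.net'?) after disabling EDNS
04-Jul-2012 19:01:10.002 general: info: zone example.org/IN: loaded serial 2012070401
"""
MANY_ZONES = """\
04-Jul-2012 19:02:01.100 edns-disabled: info: success resolving 'www.example.com/A' (in 'example.com'?) after reducing the advertised EDNS UDP packet size to 512 octets
04-Jul-2012 19:02:03.250 edns-disabled: info: success resolving 'example.org/DNSKEY' (in 'example.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
04-Jul-2012 19:02:04.731 edns-disabled: info: success resolving 'www.example.net/AAAA' (in 'example.net'?) after disabling EDNS
04-Jul-2012 19:02:06.019 edns-disabled: info: success resolving 'ns1.example.edu/A' (in 'example.edu'?) after disabling EDNS
"""

def summarize(log_text, min_zones=3):
    """Count EDNS fallback events per zone and guess where the fault lies.

    min_zones is a hypothetical threshold: fallback spread over at least
    this many distinct zones suggests a local firewall or middlebox, while
    fallback confined to fewer zones suggests the remote servers or path.
    """
    zones, disabled, reduced = Counter(), 0, 0
    for line in log_text.splitlines():
        m = FALLBACK.search(line)
        if not m:
            continue  # unrelated log line
        zones[m.group("zone")] += 1
        if m.group("size"):
            reduced += 1   # large UDP replies lost; smaller size worked
        else:
            disabled += 1  # EDNS itself had to be dropped
    verdict = "local" if len(zones) >= min_zones else "remote"
    return {"zones": dict(zones), "disabled": disabled,
            "reduced": reduced, "verdict": verdict}

if __name__ == "__main__":
    for label, log in (("one zone", ONE_ZONE), ("many zones", MANY_ZONES)):
        print(label, summarize(log))
```

A "local" verdict is the case where the DNS-OARC reply size test mentioned above is worth running from the resolver host.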



