getting edns disabling message in logs
Michael Hoskins (michoski)
michoski at cisco.com
Wed Jul 4 19:14:33 UTC 2012
-----Original Message-----
From: Tony Finch <dot at dotat.at>
Date: Wednesday, July 4, 2012 7:54 AM
To: Cathy Almond <cathya at isc.org>
Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: getting edns disabling message in logs
>Cathy Almond <cathya at isc.org> wrote:
>>
>>
>>https://kb.isc.org/article/AA-00708/55/Why-does-BIND-log-messages-about-disabling-EDNS-or-reducing-the-advertised-packet-size
>>
>> (Just created, so apologies if there are any typos or other editorial
>> corrections needed - they will happen later)
>
>I suggest "middlebox" since "middleware" usually means something like a
>horrific enterprisey web services message bus framework.

i think you could just leave out middleware entirely in that sentence. :)

>> > Is there any way that we can show that current disabling EDNS happens by
>> > firewall issue ?
>>
>> That's a bit tricky, if what's broken is not in your network space. On
>> the other hand, if you're getting this reported for every domain that is
>> queried, then it's probably *your* problem.
>
>Try the DNS-OARC reply size test server.
>https://www.dns-oarc.net/oarc/services/replysizetest/

thanks, this is quite useful. i'd always just issued queries for common
domains i know aren't misconfigured (e.g. google) -- when it's a local
firewall problem many of these log obvious errors.

there was a default configuration in many legacy cisco appliances that
caused issues, but defaults were updated a while back on newer gear so it's
become less of an issue for me.

https://supportforums.cisco.com/thread/2013390
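
Added example, not part of the original message or of BIND: one way to apply the rule of thumb quoted above (fallbacks reported for every queried domain point at your own network, fallbacks for a few domains point at the remote side) to a resolver log. The message wording in the regex, the log line layout, the sample lines and the thresholds are assumptions made for this sketch.

```python
import re
from collections import Counter

# Wording of the two BIND 9 fallback messages (assumed; the thread does not quote them).
EDNS_RE = re.compile(
    r"success resolving '(?P<name>[^']+)/(?P<rtype>[^'/]+)' "
    r"\(in '(?P<zone>[^']+)'\?\) after (?P<action>disabling EDNS|"
    r"reducing the advertised EDNS UDP packet size to 512 octets)")

def summarize(log_text):
    """Count EDNS fallback messages per zone and per fallback action."""
    zones, actions = Counter(), Counter()
    for line in log_text.splitlines():
        m = EDNS_RE.search(line)
        if m:
            zones[m["zone"].lower().rstrip(".") or "."] += 1
            actions[m["action"]] += 1
    return zones, actions

def looks_local(zones, min_zones=5, max_share=0.5):
    """Heuristic with assumed thresholds: fallbacks spread thinly over many
    unrelated zones suggest the local path (firewall, middlebox); fallbacks
    concentrated in one zone suggest that zone's servers or their network."""
    total = sum(zones.values())
    if total == 0:
        return False
    top = zones.most_common(1)[0][1]
    return len(zones) >= min_zones and top / total <= max_share

def _line(name, zone, action="disabling EDNS"):
    # Builds one constructed log line; timestamp and category are sample values.
    return ("04-Jul-2012 12:00:00.000 edns-disabled: info: success resolving "
            f"'{name}/A' (in '{zone}'?) after {action}")

# Constructed sample logs: one broken remote zone vs. fallbacks for every zone.
REMOTE_ONLY = "\n".join(
    _line(f"host{i}.broken.example", "broken.example") for i in range(6))
SPREAD = "\n".join(
    [_line(f"www.zone{i}.example", f"zone{i}.example") for i in range(6)]
    + [_line("www.example.org", "example.org",
             "reducing the advertised EDNS UDP packet size to 512 octets"),
       "04-Jul-2012 12:00:01.000 general: info: unrelated line"])

if __name__ == "__main__":
    for label, text in (("REMOTE_ONLY", REMOTE_ONLY), ("SPREAD", SPREAD)):
        zones, actions = summarize(text)
        print(label, dict(actions), "local path suspected:", looks_local(zones))
```

A positive result is only a prompt to test the local path, for instance with the DNS-OARC reply size test mentioned in the thread.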