EDNS issue with bind 9.11 and NetScaler 11.0

Mathew Ian Eis Mathew.Eis at nau.edu
Tue Dec 20 22:25:21 UTC 2016


We are running BIND behind a Citrix NetScaler (v 11.0) load balancer, and recently had a report that BIND 9.11 is unable to resolve names from our public nameservers.

The issue can be easily reproduced with the BIND 9.11 client, e.g.: $ dig nau.edu @a.ns.nau.edu (will return status: FORMERR).

$ dig +noedns nau.edu @a.ns.nau.edu on the other hand works.

The report passed on to us was secondhand, but ISC reportedly thinks that EDNS support is broken on the load balancer… I think that conversation must have been off list as this report was the first we’d heard about it.

We are working with Citrix to try and resolve the issue, but I wanted to ask - has anyone else seen this, and if so, how did you resolve it?

Also, Evan, if you can provide any more info on the issue that we can pass it on to Citrix, that would be much appreciated.

Thanks in advance,

Mathew Eis
Northern Arizona University
Information Technology Services

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20161220/74a1f1a3/attachment.html>

More information about the bind-users mailing list