Enforce EDNS

Daniel Stirnimann daniel.stirnimann at switch.ch
Tue Jan 31 08:56:00 UTC 2017


Hello all,

Our resolver failed to contact an upstream name server as a result of
network connectivity issues. named retries eventually worked but as it
reverted back to not using EDNS and the answer should have been signed,
the query response failed to validate. Subsequent queries towards this
upstream name server were not utilizing EDNS as well because named
remembers a name server's capabilities for some time (see also
https://deepthought.isc.org/article/AA-00510/0).

My question is, can I enforce EDNS usage for a name server? I was
thinking of the 'edns' clause in the server settings [1]. However, this
is already enabled by default and only applies to an "attempt".

Daniel

[1]
https://ftp.isc.org/isc/bind9/cur/9.11/doc/arm/Bv9ARM.ch06.html#server_statement_grammar


More information about the bind-users mailing list