EDNS Compliance

N. Max Pierson nmaxpierson at gmail.com
Fri Jan 18 17:02:12 UTC 2019 

Hi List,

I am trying to ensure our Bind servers comply with EDNS for the upcoming
Flag Day (https://dnsflagday.net/). I am somewhat ignorant to EDNS but from
what I have read, the information is somewhat conflicting as some
documentation states EDNS is not a record that you configure in your zone
file then other sites refer to some sort of OPT record you can configure.
So my first question is which of the documentation is correct from what I
have read? Is it DNS server functionality that supports EDNS or do you also
have to configure something in the zone files?

Also, I have 4 (well 5 counting the master that isn't queryable)
nameservers with multiple domains served on them. When I run one of my
primary domains through the ISC EDNS tool, it comes back as 2 out of the 4
are failing EDNS queries.They are all on the same version of Bind
(9.8.2rc1) and they are all slaves of the master so they should all have
the same records. Can anyone please explain what I need to do to resolve
the timeouts listed on the ISC testing tool?

Here is what the tool says ...


venyu.com. @208.79.48.30 (ns4.venyu.com.): dns=ok edns=ok *edns1=timeout*
 edns at 512=ok ednsopt=ok *edns1opt=timeout* do=ok ednsflags=ok docookie=ok
edns512tcp=ok *optlist=timeout*

venyu.com. @69.2.33.250 (ns1.venyu.com.): dns=ok edns=ok edns1=ok edns at 512=ok
ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok
optlist=ok
venyu.com. @2604:d800:12::250 (ns1.venyu.com.): dns=ok edns=ok edns1=ok
edns at 512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok
edns512tcp=ok optlist=ok

venyu.com. @69.2.63.250 (ns3.venyu.com.): dns=ok edns=ok edns1=ok edns at 512=ok
ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok
optlist=ok
venyu.com. @2604:d800:13::250 (ns3.venyu.com.): dns=ok edns=ok edns1=ok
edns at 512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok
edns512tcp=ok optlist=ok

venyu.com. @208.79.48.26 (ns2.venyu.com.): dns=ok edns=ok *edns1=timeout*
 edns at 512=ok ednsopt=ok *edns1opt=timeout* do=ok ednsflags=ok docookie=ok
edns512tcp=ok *optlist=timeout*


TIA!!

Regards,

Max
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190118/bd987295/attachment.html>

More information about the bind-users mailing list