Paul Wouters: Re: [dnssec-deployment] DNS cache issue
Paul_Vixie at isc.org
Thu Nov 22 19:39:35 UTC 2007
> Adam> Yes. I'm keeping short patch downstream which adds global edns
> Adam> option. This option was discussed on bind-workers and ISC
> Adam> don't want that option. Our users has problem that log is
> Adam> flooded with "..disabling EDNS.." messages. Of course, EDNS is
it's not just that isc didn't want to ship the option in standard bind.
it's that the bind-workers community rebelled against the idea of making
edns optional, anywhere. if edns isn't working then there's an isp or a
middlebox or firewall that needs to get whacked. the future of dns is
edns, and there is no sense or value in making it possible to turn it off.
> Then just turn off that message, or limit it to saying it once.
> Bind9 turns off EDNS on it's own, right?
that's a reasonable approach, as long as the limit is repealed after 24
hours, so that there will be a burst of errors every day.
i'm particularly worried about a named.conf file syntax extension that locks
someone into a particular system vendor and makes it impossible for that
user to upgrade bind to a f/oss version later than what the vendor ships.
this is something redhat should take up with the bind forum, and demonstrate
some leadership, rather than going rogue like this.
More information about the bind-workers