Option to turn off EDNS globally?

Dario Aguilar daguilar at arnet.com.ar
Thu Sep 20 13:04:19 UTC 2007


Mark,
I understand your point, but in most cases this middleware is a
remote firewall or DNS server configuration. Can we make BIND not use
EDNS by default and only use it when it receives a truncated (UDP) response
to a non-EDNS0 query before trying a standard TCP query or in configurations
with DNSSEC? Nominum CNS is doing this, and effectively improves the
performance with authoritative servers that don't support EDNS.

kind regards,

Dario.


----- Original Message ----- 
From: "Mark Andrews" <Mark_Andrews at isc.org>
To: "Adam Tkac" <atkac at redhat.com>
Cc: <bind-workers at isc.org>
Sent: Thursday, September 20, 2007 9:30 AM
Subject: Re: Option to turn off EDNS globally?



> Hi all,
>
> Recently I've got a report that syslog is flooded with messages like "Too many
> timeouts resolving $DOMAIN (in $DOMAIN?): disabling EDNS". Of course those
> messages will be easily suppressed with the "edns-disabled" logging option, but
> this does not suppress EDNS queries. I've created a patch which will completely
> disable EDNS (the patch adds an edns option). Would it be possible to include it
> in the main source, or is this a step back?
>
> Adam

It's really a step backwards.  The message is there to alert
people about problems they have rather than silently work
around the problem.  With DNSSEC finally seeing initial
deployments, EDNS has to work.  It's time to fix the broken
middleware.

Mark

P.S. the same effect is already achievable without making
edns a view/global option using server clauses.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
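
An added example, not part of the thread and not ISC code: one way to treat the "disabling EDNS" messages as the alert described above, by counting them per zone so the servers or middleboxes worth investigating stand out. The exact line layout (syslog prefix, quoting, `/TYPE` suffix) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the message quoted in the thread. Optional quotes and a /TYPE suffix
# around the names are an assumption about how the placeholders are filled in.
PATTERN = re.compile(
    r"too many timeouts resolving '?(?P<name>[^\s'/]+)(?:/(?P<type>\w+))?'?"
    r" \(in '?(?P<zone>[^\s'?]+)'?\?\): disabling EDNS",
    re.IGNORECASE,
)

def normalize(name):
    """Lower-case a DNS name and drop the trailing dot (root stays '.')."""
    return name.rstrip(".").lower() or "."

def summarize(lines):
    """Return (message count per zone, set of queried names per zone)."""
    counts, names = Counter(), {}
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # unrelated log line
        zone = normalize(m.group("zone"))
        counts[zone] += 1
        names.setdefault(zone, set()).add(normalize(m.group("name")))
    return counts, names

# Constructed sample syslog lines (hypothetical host, PIDs and domains).
SAMPLE = [
    "Sep 20 09:01:02 ns1 named[812]: too many timeouts resolving "
    "'www.example.net/A' (in 'example.net'?): disabling EDNS",
    "Sep 20 09:01:09 ns1 named[812]: too many timeouts resolving "
    "'mail.example.net/MX' (in 'example.net'?): disabling EDNS",
    "Sep 20 09:02:30 ns1 named[812]: Too many timeouts resolving "
    "mail.example.org (in example.org?): disabling EDNS",
    "Sep 20 09:03:00 ns1 named[812]: zone example.com/IN: loaded serial 2007092001",
]

if __name__ == "__main__":
    counts, names = summarize(SAMPLE)
    # Zones with the most fallbacks first: these are the paths to investigate.
    for zone, n in counts.most_common():
        print(f"{zone}: {n} EDNS fallback(s), names: {sorted(names[zone])}")
```
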



