Option to turn off EDNS globally?
Adam Tkac
atkac at redhat.com
Thu Sep 20 19:22:45 UTC 2007
On Thu, Sep 20, 2007 at 07:07:04PM +0000, Paul Vixie wrote:
> > > most firewalls don't (can't) hold frag state, so i'm not sure what this
> > > means except that for EDNS0 to succeed, a whole lot of firewalls have to be
> > > not just reconfigured but redesigned/upgraded.
> >
> > > Yes, this is a big problem. But tell someone: "You have a problem with BIND
> > > and EDNS? Buy a new router!"
>
> i wouldn't say that, though. i'd say "you bought a crappy middlebox and now
> the DNS protocol has moved beyond the artificial crappiness of your middlebox
> and you'd better oughta gitcherself a new and improved middlebox."
Yes, I said it too exaggeratedly.
>
> > > > > Can we make BIND not use EDNS by default and only use it when it
> > > > > receives a truncated (UDP) response to a non-EDNS0 query before trying a
> > > > > standard TCP query or in configurations with DNSSEC? Nominum CNS is
> > > > > doing this, and effectively improves the performance with authoritative
> > > > > servers that don't support EDNS.
> >
> > > Yes, this behavior makes sense.
>
> no, it does not. the documented and implemented behaviour optimizes for the
> desired ending state, and puts the pain exactly where it belongs during the
> transition period.
>
> > > I don't know how EDNS would be useful without DNSSEC. But if the RFC says that
> > > this is impossible, it (meaning the RFC) should be revised before making this change.
>
> if you want to revise EDNS0 so that it's a response to truncation rather than
> an optimistic first approach using non-EDNS as a fallback, you'll have to make
> that argument in the IETF "namedroppers at ops.ietf.org" working group, not here.
>
I don't want to change the RFC here. I only want to say it's a bad idea to violate the standard in BIND.