Option to turn off EDNS globally?

Adam Tkac atkac at redhat.com
Thu Sep 20 19:22:45 UTC 2007


On Thu, Sep 20, 2007 at 07:07:04PM +0000, Paul Vixie wrote:
> > > most firewalls don't (can't) hold frag state, so i'm not sure what this
> > > means except that for EDNS0 to succeed, a whole lot of firewalls have to be
> > > not just reconfigured but redesigned/upgraded.
> > 
> > Yes, this is a big problem. But tell someone: "You have a problem with BIND
> > and EDNS? Buy a new router!"
> 
> i wouldn't say that, though.  i'd say "you bought a crappy middlebox and now
> the DNS protocol has moved beyond the artificial crappiness of your middlebox
> and you'd better oughta gitcherself a new and improved middlebox."

Yes, I said it too exaggeratedly.

> 
> > > > Can we make BIND not use EDNS by default and only use it when it
> > > > receives a truncated (UDP) response to a non-EDNS0 query before trying a
> > > > standard TCP query or in configurations with DNSSEC? Nominum CNS is
> > > > doing this, and it effectively improves the performance with authoritative
> > > > servers that don't support EDNS.
> > 
> > Yes, this behavior makes sense.
> 
> no, it does not.  the documented and implemented behaviour optimizes for the
> desired ending state, and puts the pain exactly where it belongs during the
> transition period.
> 
> > I don't know how EDNS would be useful without DNSSEC. But if the RFC says that
> > this is impossible, it (meaning the RFC) should be revised before making this change.
> 
> if you want to revise EDNS0 so that it's a response to truncation rather than
> an optimistic first approach using non-EDNS as a fallback, you'll have to make
> that argument in the IETF "namedroppers at ops.ietf.org" working group, not here.
> 

I don't want to change the RFC here. I only want to say it's a bad idea to violate the standard in BIND.

