Option to turn off EDNS globally?
Brian Wellington
Brian.Wellington at nominum.com
Thu Sep 20 17:57:47 UTC 2007
On Thu, 20 Sep 2007, Paul Vixie wrote:
> [dario aguilar]
>> Can we make BIND to not use EDNS by default and only use it when it receives
>> a truncated (UDP) response to a non-EDNS0 query before trying a standard TCP
>> query or in configurations with DNSSEC? Nominum CNS is doing this, and
>> effectively improves the performance with authoritative servers that don't
>> support EDNS.
>
> RFC 2671 says no. i believe the reasoning was, there can be additional data
> whose absence won't trigger DNS TC, but whose presence would reduce the need
> for additional transactions. if nominum is doing this, they're out of spec.
> if this should be done, then RFC 2671 should be revised to accommodate it.

For the record, which part of RFC 2671 is Nominum CNS violating? I don't
see any text that says that an implementation that understands EDNS must
include an OPT record in every packet. 5.2 is a bit vague, but looks like
it's more concerned with the responder than the requestor.

Nominum CNS does enable EDNS by default when DNSSEC is enabled, which is
required for proper DNSSEC operation. I can't think of any other reason
why EDNS would be needed in normal operations, but if there are, it would
make sense to enable EDNS by default in those situations as well.

Brian
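
The retry order described in the quoted question (plain UDP query, an EDNS retry on truncation, then TCP), as an added example that is not part of the original message and is not Nominum CNS or BIND code. The function names and the header-only responder are constructed for illustration; the OPT layout follows RFC 2671.

```python
import struct

OPT_TYPE = 41            # OPT pseudo-RR type (RFC 2671)
TC_BIT = 0x0200          # truncation flag in the DNS header

def build_query(qname, edns_size=None, qid=0x1234):
    """Build an A/IN query; append an OPT pseudo-RR when edns_size is given."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)
    opt = b""
    if edns_size:
        # root name, TYPE=OPT, CLASS=UDP payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return header + question + opt

def advertised_size(query):
    """UDP payload size a query advertises; 512 when it carries no OPT."""
    arcount = struct.unpack("!H", query[10:12])[0]
    if arcount == 1 and query[-11:-8] == b"\x00\x00\x29":
        return struct.unpack("!H", query[-8:-6])[0]
    return 512

def is_truncated(reply):
    return bool(struct.unpack("!H", reply[2:4])[0] & TC_BIT)

def make_server(answer_len):
    """Constructed responder: header-only replies, TC set when the answer won't fit."""
    def udp(query):
        tc = TC_BIT if answer_len > advertised_size(query) else 0
        return struct.pack("!HHHHHH", 0x1234, 0x8180 | tc, 1, 0, 0, 0)
    def tcp(query):
        return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
    return udp, tcp

def resolve(qname, send_udp, send_tcp, edns_size=4096):
    """Plain UDP first, EDNS on truncation, TCP only if still truncated."""
    steps = ["udp"]
    reply = send_udp(build_query(qname))
    if is_truncated(reply):
        steps.append("udp+edns")
        reply = send_udp(build_query(qname, edns_size=edns_size))
        if is_truncated(reply):
            steps.append("tcp")
            reply = send_tcp(build_query(qname))
    return steps, reply

if __name__ == "__main__":
    for size in (300, 1400, 9000):   # constructed answer sizes in bytes
        print(size, resolve("example.com", *make_server(size))[0])
```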