Option to turn off EDNS globally?
JINMEI Tatuya / 神明達哉
jinmei at isl.rdc.toshiba.co.jp
Fri Sep 21 08:17:16 UTC 2007
At Thu, 20 Sep 2007 21:08:02 +0200,
Adam Tkac <atkac at redhat.com> wrote:
> >> Yes, this is a big problem. But tell someone: "You have a problem with BIND
> >> and EDNS? Buy a new router!"
> >
> > That is where the value of spin comes into play. Instead of saying "You
> > have a problem with BIND and EDNS? Buy a new router!" that should be "Ah,
> > BIND and EDNS have uncovered a latent bug in your router which needs to be
> > fixed or replaced."
> >
> > :-) - half a one anyway.
> >
> > rick jones
>
> Yes, you've said it better. I only want to point out that I'm really unsure
> that router vendors are going to fix those bugs. I believe that
> famous vendors will fix problems, but if you have a router from some
> unknown vendor it means that you have to buy a new one - and this is
> bad :(
This sounds to me like a sound market-based incentive for the
"unknown" (non-famous) vendor to do the right thing. If a non-famous
vendor continues violating the standard while more and more popular
vendors support it, the non-famous one will naturally lose their
customers.
By the way, there is a web page that provides a per-vendor/product
list on how to handle large DNS packets:
http://www.icann.org/committees/security/sac016.htm
As shown in the list, for example, Cisco PIX has been a well-known
culprit on this matter, but Cisco fixed the implementation years ago.
p.s. I support BIND's current behavior of not having a global
option to turn off EDNS0 by default.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei at isl.rdc.toshiba.co.jp
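The middlebox failure mode this thread is about comes down to what a resolver sees after it sends a query carrying the EDNS0 OPT pseudo-RR. The following is an added example (not BIND's code, nor anything posted on the list) that builds such a query and classifies the reply the way a resolver must before deciding whether to fall back; `make_reply`, `skip_name` and the 192.0.2.1 answer are constructed here for an offline demonstration, not captured traffic.

```python
import struct

OPT_TYPE = 41  # EDNS0 OPT pseudo-RR type code (RFC 2671)

def build_edns_query(qname, qtype=1, udp_payload=4096, txid=0x1234):
    """RD query with one question plus an OPT RR whose CLASS advertises the UDP payload size."""
    labels = [lbl for lbl in qname.rstrip(".").split(".") if lbl]
    name = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, 0)  # root name, TTL=0, no options
    return header + name + struct.pack("!HH", qtype, 1) + opt

def make_reply(query, truncated=False, with_opt=True):
    """Constructed sample reply (not captured): echo the question, add one A record; optionally echo OPT / set TC."""
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    flags |= 0x8000 | (0x0200 if truncated else 0)            # QR, optionally TC
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    opt = query[-11:] if with_opt else b""                    # OPT RR is the last 11 bytes of the query
    head = struct.pack("!HHHHHH", txid, flags, qd, 1, 0, int(with_opt))
    return head + query[12:-11] + answer + opt

def skip_name(msg, off):
    """Advance past a possibly compressed name; return the offset after it."""
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + ln
        if ln == 0:
            return off

def classify_response(resp):
    """What a resolver should conclude from the reply (or silence) to an EDNS0 query."""
    if resp is None:
        return "timeout"        # query or large reply dropped somewhere on the path
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x0200:
        return "truncated"      # TC set: retry over TCP
    if (flags & 0x000F) == 1:
        return "formerr"        # server or middlebox rejected the OPT record
    off = 12
    for _ in range(qd):
        off = skip_name(resp, off) + 4                        # skip QTYPE + QCLASS
    seen = set()
    for _ in range(an + ns + ar):
        off = skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        seen.add(rtype)
        off += 10 + rdlen
    return "edns-ok" if OPT_TYPE in seen else "no-edns"
```

A reply that is silent, truncated, or stripped of its OPT record is the signature of a path that cannot carry EDNS0, which is what the per-product list referenced above documents.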