In message <20100622155814.gd4...@puga.deis.gldn.net>, Anatoly Pugachev writes:
> Mark,
>
> please see below...
>
> On 04.05.2010 / 14:31:25 +1000, Mark Andrews wrote:
> >
> > In message <y2sf7e964441005031927m7774769ev280156817d8b4...@mail.gmail.com>, Jeff Pang writes:
> > > Hello,
> > >
> > > Following the discussions in the list, I made a test on one of our
> > > servers, which is in an ISP's datacenter.
> > >
> > > The result is below:
> > >
> > > $ dig +short rs.dns-oarc.net txt
> > > rst.x476.rs.dns-oarc.net.
> > > rst.x485.x476.rs.dns-oarc.net.
> > > rst.x490.x485.x476.rs.dns-oarc.net.
> > > "218.204.255.72 DNS reply size limit is at least 490"
> > > "218.204.255.72 lacks EDNS, defaults to 512"
> > > "Tested at 2010-05-04 02:23:51 UTC"
> > >
> > > Does this mean our ISP's firewall blocks EDNS query/response?
> >
> > Maybe / maybe not. It could just mean that the nameserver itself
> > doesn't support EDNS.
>
> How bad is it if the provider's server doesn't support/make eDNS queries?
> Is eDNS support/usage for the DNSSEC protocol only? I mean that my
> colleague proposes to use the following statement in named.conf:
>
> server 0.0.0.0/0 {
>     edns no;
> };

You are throwing the baby out with the bath water. There are very few servers that respond to EDNS queries with plain DNS responses and named will still resolve from them despite the broken middleware.

I suggest that, rather than doing this, you complain to your ISP and have them trace the fault.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users