They fail when presented with EDNS version 1 queries and unknown
edns options. EDNS version 1 behaviour has been documented for
nearly 15 years. Is it that hard to return BADVERS rather than
FORMERR? It's like the vendor never read RFC 2671 or RFC 6891 which
obsoletes RFC 2671.
How are these servers passing acceptance testing? It takes two
simple tests to show a problem.
dig +edns=1 zone @server (expect BADVERS to be returned)
dig +nsid zone @server (expect the unsupported option to
be ignored or NSID to returned)
dig +ednsopt=code[:content] zone @server
(send a arbitary EDNS option with specfied content)
eia.gov need to go back to their nameserver vendor and get these
issues fixed.
Mark
In message <1404963274.28553.42.ca...@ns.five-ten-sg.com>, Carl Byington writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> dig phantom.eia.gov. @205.254.135.9 +dnssec +norecur
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30660
> ;; flags: qr aa ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
>
>
> dig phantom.eia.gov. @205.254.135.9 +dnssec +nsid +norecur
> ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 20
> ;; flags: qr ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
>
> iEYEARECAAYFAlO+CZMACgkQL6j7milTFsH/bgCfbDb2WinhfC6mY4epKr5rlro/
> l3wAnREhW3tJptOhBDB+02V/BoiseAdv
> =oJ7i
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
