> On 4. 5. 2022, at 14:12, Veronique Lefebure <veronique.lefeb...@cern.ch> 
> wrote:
> 
> Hello,
> 
> If we see this on our DNS server logs (BIND 9.11):
> 
> 04-May-2022 12:55:37.675 edns-disabled: info: success resolving 
> 'sour.woinsta.com/A' (in 'woinsta.com'?) after disabling EDNS
> 
> - are we correct to say that with BIND 9.16, that query will always fail 
> because EDNS won't be disabled anymore?

The query will always time out, but it’s actually not the EDNS that’s
a problem, but DNS Cookies.

> - is there any tuning that needs to be done?

The nameserver for woinsta.com just needs to adhere to DNS protocol
and not drop DNS queries with unknown EDNS options.

That said, you can selectively disable DNS cookies for the affected
nameserver(s); it’s described in the documentation and (a bit outdated)
KB article: https://kb.isc.org/docs/aa-01387

The main tuning is that people should not write their own DNS server
if they can’t implement it properly, but hey that’s what we have on the
Internet now...

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
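
A pre-upgrade audit for the situation discussed in this thread, as an added example that is not part of the original messages or of BIND: it parses `edns-disabled` lines in the format quoted in the question and groups them by zone, giving the list of zones to review for the per-server cookie setting mentioned in the reply. Every sample line except the first is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the single-line form of the edns-disabled message quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"edns-disabled: info: success resolving "
    r"'(?P<qname>[^'/]+)/(?P<qtype>[A-Z0-9]+)' "
    r"\(in '(?P<zone>[^']+)'\?\) after disabling EDNS\s*$"
)

# Constructed sample input; only the first line comes from the thread.
SAMPLE_LOG = """\
04-May-2022 12:55:37.675 edns-disabled: info: success resolving 'sour.woinsta.com/A' (in 'woinsta.com'?) after disabling EDNS
04-May-2022 12:56:02.101 edns-disabled: info: success resolving 'www.legacy.example/AAAA' (in 'legacy.example'?) after disabling EDNS
04-May-2022 12:57:10.004 general: info: unrelated line (constructed)
04-May-2022 13:01:44.250 edns-disabled: info: success resolving 'mail.legacy.example/A' (in 'legacy.example'?) after disabling EDNS
""".splitlines()

def parse_line(line):
    """Return a dict for an edns-disabled fallback line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
        "query": f'{m["qname"].lower()}/{m["qtype"]}',
        "zone": m["zone"].lower().rstrip(".") or ".",
    }

def summarize(lines):
    """Group fallback events by zone, most frequent first."""
    zones = defaultdict(lambda: {"count": 0, "first": None, "last": None, "queries": set()})
    for rec in filter(None, map(parse_line, lines)):
        z = zones[rec["zone"]]
        z["count"] += 1
        z["first"] = min(z["first"] or rec["ts"], rec["ts"])
        z["last"] = max(z["last"] or rec["ts"], rec["ts"])
        z["queries"].add(rec["query"])
    return sorted(zones.items(), key=lambda kv: (-kv[1]["count"], kv[0]))

if __name__ == "__main__":
    for zone, info in summarize(SAMPLE_LOG):
        print(f'{zone}: {info["count"]} fallback(s), '
              f'{info["first"]:%Y-%m-%d %H:%M:%S} .. {info["last"]:%Y-%m-%d %H:%M:%S}, '
              f'queries: {", ".join(sorted(info["queries"]))}')
```

The log does not carry the authoritative servers' addresses, so those still have to be looked up per zone before any per-server setting is written.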

