Thanks Greg and Ondrej,

Many thanks for the pointer to DNS Cookies in BIND 9 (isc.org) 
https://kb.isc.org/docs/aa-01387

I have used https://ednscomp.isc.org/ednscomp/1ba42afa27 to check if they are 
compliant, but the answer is ambiguous:

EDNS Compliance Tester
Checking: 'sour.woinsta.com' as at 2022-05-04T13:45:39Z
sour.woinsta.com.: NS lookup failed
Codes
* ok - test passed.

Anyway, from what you have seen you are suspecting that the problem is on the 
woinsta.com side and not on our side?

The following indeed indicates a problem related to cookies:

dig @ns1.thednscloud.com. +nocookie sour.woinsta.com A +short
23.82.12.29

while 

dig @ns1.thednscloud.com. +cookie sour.woinsta.com A +short
; <<>> DiG 9.11.36 <<>> @ns1.thednscloud.com. +cookie sour.woinsta.com A +short
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached


I will try send-cookie no for that server to confirm it is the source of the 
issue.

Cheers,
Veronique


> On 04/05/2022 14:34 Greg Choules <gregchoules+bindus...@googlemail.com> wrote:
> 
> 
> Hi Veronique.
> Every DNS server should support EDNS by now. It has been around for a very 
> long time. Even if it doesn't support EDNS it should ignore it.
> 
> I made some test queries and packet captures to 23.82.12.28. Whatever this 
> box is, please talk to the manufacturer about EDNS support.
> Or.. it may be that some network infrastructure - firewalls are usually the 
> first place to look - is blocking this traffic.
> 
> Whatever is happening at the authoritative end, it needs to be fixed. All 
> modern recursive servers will use EDNS.
> 
> Cheers, Greg
> 
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
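
Added example, not part of the original message or of BIND: a Python sketch of what differs on the wire between the two dig runs above. With +cookie the query's EDNS OPT record carries a COOKIE option (code 10, RFC 7873); with +nocookie the OPT record is still sent but without that option. The helper names, the UDP payload size and the sample cookie are constructed for illustration.

```python
import struct

OPT_RR_TYPE = 41     # EDNS0 OPT pseudo-RR (RFC 6891)
COOKIE_OPTION = 10   # DNS COOKIE option code (RFC 7873)

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, edns=True, client_cookie=None, msg_id=0x1234):
    """Build an A query; with edns=True append an OPT RR, optionally with a COOKIE."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg = header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if not edns:
        return msg
    options = b""
    if client_cookie is not None:
        if len(client_cookie) != 8:
            raise ValueError("client cookie must be exactly 8 bytes")
        options = struct.pack("!HH", COOKIE_OPTION, 8) + client_cookie
    # OPT RR: root owner name, TYPE=41, CLASS=UDP payload size, TTL=0, RDATA=options
    opt = struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(options))
    return msg + b"\x00" + opt + options

def edns_options(msg):
    """Return {code: data} from the OPT RR of a query built above, or None without EDNS."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    arcount = struct.unpack("!H", msg[10:12])[0]
    pos = 12
    for _ in range(qdcount):          # skip each question: labels, root byte, type+class
        while msg[pos]:
            pos += msg[pos] + 1
        pos += 5
    if arcount == 0 or msg[pos] != 0:
        return None
    rtype, _size, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
    if rtype != OPT_RR_TYPE:
        return None
    pos, end, found = pos + 11, pos + 11 + rdlen, {}
    while pos + 4 <= end:             # each option: 2-byte code, 2-byte length, data
        code, length = struct.unpack("!HH", msg[pos:pos + 4])
        found[code] = msg[pos + 4:pos + 4 + length]
        pos += 4 + length
    return found

SAMPLE_COOKIE = bytes.fromhex("0123456789abcdef")  # constructed; real ones are random
no_cookie = build_query("sour.woinsta.com")                          # like +nocookie
with_cookie = build_query("sour.woinsta.com", client_cookie=SAMPLE_COOKIE)  # like +cookie
```

The two queries differ only in the 12 bytes of the COOKIE option inside the OPT record, so a server or firewall that answers the first and drops the second is reacting to that option alone.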

