Something like OARC's reply size test would be great! I use that with
customers all the time, it really cuts through the "Of COURSE the
problem is not on my side!" argument. :)
Doug
On 11/25/14 1:34 PM, Simon Munton wrote:
If you're feeling brave a WebUI to a conformance test would be nice
ditto "Handling of unknown EDNS versions"
On 24/11/14 23:19, Mark Andrews wrote:
We are looking to deploy DNS Cookies or SIT soon and the handling
of unknown EDNS options is atrocious.
http://users.isc.org/~marka/ts/gov.optfail.html
Unknown EDNS options are supposed to be ignored. See RFC6891, 6.1.2
Wire Format.
They should not generate FORMERR.
They should not generate BADVERS.
They should not be echoed back.
They should be responded to.
We are seeing all of the above mis-behaviours when testing.
FORMERR often results in responses that are indistigishable from not
supporting EDNS at all. See ednsopt and edns1opt.
leighton.com.au. @202.93.248.33 (ns2.infoplex.com.au.): dns=ok
edns=formerr,nosoa edns1=formerr,version edns@512=formerr
ednsopt=formerr,echoed,nosoa edns1opt=formerr,version,echoed
do=formerr,nosoa ednsflags=formerr,mbz,nosoa
suncorpbank.com.au. @203.0.222.71 (pbnedns2002.suncorpmetway.com.au.):
dns=ok edns=ok edns1=ok edns@512=ok ednsopt=formerr,echoed,nosoa
edns1opt=formerr,version,echoed do=ok ednsflags=ok
version = no opt record or wrong version in response
echoed = the option was echoed back
If you are a vendor and you nominally support EDNS can you please
check your software to ensure that it correctly handles unknown
EDNS options.
Mark
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
