In message <878ui94dju....@mid.deneb.enyo.de>, Florian Weimer writes:
> The problem is that the EDNS protocol does not have a proper
> handshake. If implementations reply differently to the same query, a
> resolver may hit one implementation, receive some sort of failure
> indication, try again without EDNS, hit the other implementation,
> receive a reply, and conclude that the IP address in question is not
> EDNS-tolerant.

Well it isn't and unless the answer you want depends on EDNS that doesn't matter. If the answer does depend on EDNS working you need a feedback to force EDNS regardless of the answers you are seeing.

The biggest problem with EDNS is implementors not actually implementing the protocol. That makes it hard to do anything with any degree of certainty.

Try running an experimental EDNS(1) resolver. Too many firewalls just drop the query despite the documented response being BADVERS. Similarly with EDNS unknown flags and unknown EDNS options. Both of these should be ignored. If you do get a response back there is a good chance that it will be an invalid response.

EDNS compliance is sitting in the low 60's as a percentage.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations