[dns-operations] Any surveys about EDNS0 usage?

Michael Graff mgraff at isc.org
Mon Mar 7 22:24:50 UTC 2011


My take on this is that it's very hard to measure.  It's very easy to
tell if someone allows TCP, but EDNS0 support, unless specifically
queried for and then done carefully, seems hard to measure.

One problem that will happen more and more is that EDNS0 is in the
software, but some firewall will prevent fragments, > 512 UDP on port
53, or filter out OPT records.  So, is this a server that supports EDNS0
or not?

Every day we run into the problem that a remote server will announce
that it accepts a size of 4096 in its query, and the remote end fully
supports EDNS0 in their server.  It will reply with a reasonable but >
512 byte reply, sometimes without fragmentation (say, around 600 bytes)
but *something* eats the reply.  It is very hard to work in this
environment as a recursive server as the fallbacks add up fast.

--Michael

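
The measurement ambiguity described in this message, as an added example that is not part of the original post: a sketch that reads the OPT record out of a DNS reply and classifies two EDNS0 probes to one server. The function names, the two-probe scheme, the name `example.test` and the sample replies are assumptions constructed for illustration.

```python
import struct
OPT = 41  # EDNS0 pseudo-RR type (RFC 6891)

def build_msg(name, udp_size=None, answer_len=0, response=False):
    """Build a DNS message; udp_size adds an OPT RR, answer_len adds one TXT answer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    flags = 0x8180 if response else 0x0100
    msg = struct.pack("!6H", 0x1234, flags, 1, int(answer_len > 0), 0, int(bool(udp_size)))
    msg += qname + struct.pack("!HH", 16, 1)           # QTYPE=TXT, QCLASS=IN
    if answer_len:                                     # owner name is a pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, answer_len) + b"\0" * answer_len
    if udp_size:                                       # OPT: root name, CLASS carries UDP size
        msg += b"\0" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def opt_udp_size(msg):
    """UDP payload size advertised in the message's OPT RR, or None if it has none."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass
        off += 10 + rdlen
    return None

def classify(edns_small, edns_large):
    """Each argument is the UDP reply to an OPT query (small / >512 answer), None on timeout."""
    if edns_small is None:
        return "query with OPT gets no reply: filtered on path, or server drops it"
    if opt_udp_size(edns_small) is None:
        return "reply lacks OPT: server without EDNS0, or OPT stripped on path"
    if edns_large is None:
        return "EDNS0 negotiated but >512 byte UDP reply lost on path"
    return "EDNS0 works end to end (server advertises %d)" % opt_udp_size(edns_large)

# Constructed sample replies (not captured traffic); LARGE is about 600 bytes, as in the post.
SMALL = build_msg("example.test", udp_size=4096, response=True)
LARGE = build_msg("example.test", udp_size=4096, answer_len=560, response=True)
NO_OPT = build_msg("example.test", response=True)
print(len(LARGE), "bytes;", classify(SMALL, None))
```

A single timeout can also be ordinary packet loss, so a real survey would repeat each probe before trusting the verdict.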


