[dns-operations] Abnormal activity fron chinanet?

Joe Abley jabley at hopcount.ca
Thu Apr 5 15:58:18 UTC 2012

On 2012-04-04, at 10:56, Paul Vixie wrote:

> On 2012-04-04 1:38 PM, Stephane Bortzmeyer wrote:
>> ... EDNS0, ... (70 % of all queries going to .FR name servers).
> that is extraordinarily great news. another decade or two and we'll
> *have* it.

I looked at L-Root traffic the other day, and I was pleasantly surprised to see over 80% of queries with an OPT RR in the message. But then I counted the number of unique sources that never sent an OPT RR, and found that more than 50% never signalled availability of EDNS0.

I stopped looking around then, but my assumption at the time was that we see a greater EDNS0 penetration when we look at queries rather than servers because servers retry with different receive buffer sizes, and those retries inflate the query stats. If this is what's happening, then it suggests that (a) EDNS0 availability amongst clients of root servers is still low, less than half, and (b) there is a significant amount of middleware in the Internet that interferes with EDNS0.

It'd be interesting to see a more rigorous study.


More information about the dns-operations mailing list