[dns-operations] Way to test remote EDNS capability?

Doug Barton dougb at dougbarton.us
Fri Jun 7 07:33:47 UTC 2013

I'm looking at some resolver logs and seeing the "success resolving 
$blah after reducing the advertised EDNS UDP packet size to 512 octets" 
messages for some authoritative servers run by organizations that I 
would think ought to know better. :)  I've tested the path on my side 
using https://www.dns-oarc.net/oarc/services/replysizetest and both my 
IPv4 and IPv6 paths show as clear (which I would expect of course).

Is there any simple way to test the remote side's actual capabilities?

Meanwhile I've been trying 'dig +bufsize=4096' and it seems to succeed 
more often than it fails. In one particular zone 4 of the 5 auth name 
server addresses succeeded, but the one that failed failed with both 
+bufsize=4096 and +bufsize=512. Is it possible that named (BIND 
9.9.3-p1) just happened to hit the failing server first, then it 
happened to work when it backed the packet size off and tried another 

Insights welcome,

