[dns-operations] Handling of unknown EDNS versions
Mark Andrews
marka at isc.org
Mon Nov 24 23:35:02 UTC 2014
The correct response to unknown EDNS versions is to return BADVERS.
This was spelt out in RFC 2671 in 1999 and has not been changed in
RFC 6891.
Nameservers should not ignore the versions field.
Nameservers should respond to unknown EDNS versions.
Nameservers should not return FORMERR.
Returning the answer as if it was EDNS(0) with the rcode set to
BADVERS is pointless as this doesn't work for negative answers.
One vendor has already fixed this.
http://users.isc.org/~marka/ts/gov.edns1fail.html
If you are a DNS vendor can you please ensure that your software
handles unknown EDNS versions correctly.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list