[dns-operations] Handling of unknown EDNS versions

Mark Andrews marka at isc.org
Mon Nov 24 23:35:02 UTC 2014


The correct response to unknown EDNS versions is to return BADVERS.
This was spelt out in RFC 2671 in 1999 and has not been changed in
RFC 6891.

Nameservers should not ignore the versions field.
Nameservers should respond to unknown EDNS versions.
Nameservers should not return FORMERR.

Returning the answer as if it was EDNS(0) with the rcode set to
BADVERS is pointless as this doesn't work for negative answers.
One vendor has already fixed this.

http://users.isc.org/~marka/ts/gov.edns1fail.html

If you are a DNS vendor, can you please ensure that your software
handles unknown EDNS versions correctly.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka at isc.org
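
The behaviours listed in the message above can be told apart from the wire format alone. The following is an added example, not part of the original post and not ISC code: it builds a query whose OPT record carries EDNS version 1 and labels a reply by its 12-bit rcode. The function names and result labels are assumptions made for this sketch, and sending the query over UDP is left to the caller.

```python
import struct

OPT, FORMERR, BADVERS = 41, 1, 16   # OPT RR type and RCODE values (RFC 6891)

def build_query(qname, edns_version, msg_id=0x1234):
    """Wire-format A/IN query whose OPT record carries edns_version."""
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 1)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    question = name + b"\x00" + struct.pack("!2H", 1, 1)
    ttl = edns_version << 16         # ext-rcode(8) | version(8) | flags(16)
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, 4096, ttl, 0)

def _skip_name(msg, off):
    """Step over a possibly compressed domain name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse(msg):
    """Return (full 12-bit rcode, EDNS version or None, answer+authority count)."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, ext, version = 12, 0, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            # The upper 8 bits of the OPT TTL extend the 4-bit header rcode.
            ext, version = ttl >> 24, (ttl >> 16) & 0xFF
    return (ext << 4) | (flags & 0xF), version, an + ns

def classify(response):
    """Label a server's reply (bytes, or None on timeout) to an EDNS(1) query."""
    if response is None:
        return "no response"
    rcode, _version, data = parse(response)
    if rcode == FORMERR:
        return "FORMERR returned"
    if rcode == BADVERS:
        return "BADVERS with data" if data else "BADVERS"
    return f"not BADVERS, rcode {rcode}"
```
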


