[dns-operations] EDNS response only with DO=1
Casey Deccio
casey at deccio.net
Wed Sep 28 12:02:16 UTC 2016
On Tue, Sep 27, 2016 at 11:18 PM, Mark Andrews <marka at isc.org> wrote:
>
> Can someone please explain the logic in building a DNS server that
> supports EDNS but only returning an EDNS response if DO=1?
>
This can be problematic in practice. I have seen instances where a
validating recursive server failed to validate the response from an
authoritative server that supplied RRSIGs but no OPT record (in response to
query with EDNS DO=1).
Not everyone can recover gracefully from seemingly small disregard for
protocol.
Regards,
Casey
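
An added example, not part of the original message: a minimal wire-format check that flags a response to an EDNS query that carries RRSIGs but no OPT record, the case described in the reply above. The result labels, helper names and sample messages are constructed for illustration; the RRSIG RDATA is dummy filler, not a real signature.

```python
import struct
TYPE_OPT, TYPE_RRSIG = 41, 46

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length           # length byte plus the label itself
        if length == 0:             # root label ends the name
            return off

def rr_types(msg):
    """Return the RR types seen in [answer, authority, additional]."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    sections = []
    for count in (an, ns, ar):
        types = []
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            types.append(rtype)
        sections.append(types)
    return sections

def check_response(msg):
    """Classify the response to a query that was sent with EDNS (hypothetical labels)."""
    answer, authority, additional = rr_types(msg)
    if TYPE_OPT in additional:
        return "ok"
    if TYPE_RRSIG in answer + authority:
        return "rrsig-without-opt"     # RRSIGs returned, OPT record missing
    return "opt-missing"               # EDNS query answered without OPT

# Constructed sample messages (not captured traffic).
def rr(name, rtype, rclass, ttl, rdata=b""):
    return name + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata
def response(answers, additional):
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    header = struct.pack("!6H", 0x1234, 0x8400, 1, len(answers), 0, len(additional))
    return header + question + b"".join(answers) + b"".join(additional)

A = rr(b"\xc0\x0c", 1, 1, 300, bytes([192, 0, 2, 1]))
RRSIG = rr(b"\xc0\x0c", TYPE_RRSIG, 1, 300, b"\x00" * 24)
OPT = rr(b"\x00", TYPE_OPT, 4096, 0x8000)      # class = UDP size, TTL carries DO=1
```
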