[dns-operations] qwest EDNS implementation error

Tony Finch dot at dotat.at
Tue Jul 11 10:38:00 UTC 2017

We received a failure report about DNS resolution failures with bea.gov.
This is due to the qwest secondary authoritative DNS servers failing to
handle unknown EDNS options correctly.

$ dig +noall +authority ns bea.gov. @a.gov-servers.net.
bea.gov.                86400   IN      NS      sauthns1.qwest.net.
bea.gov.                86400   IN      NS      sauthns2.qwest.net.

$ dig ns bea.gov. @sauthns1.qwest.net. | grep status
;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 64086

$ dig +nocookie ns bea.gov. @sauthns1.qwest.net. | grep status
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42545

authns1.qwest.net and authns2.qwest.net (the authoritative nameservers
for qwest.net) work correctly.

sauthns1.qwest.net and sauthns2.qwest.net (the authoritative nameservers
for bea.gov) are buggy.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Humber: Cyclonic becoming north 4 or 5, increasing 6 at times. Slight or
moderate, occasionally smooth at first. Rain at times. Moderate or good.

More information about the dns-operations mailing list