[dns-operations] google.com does not suppor EDNS/OPT

Mark Andrews marka at isc.org
Tue Dec 4 18:46:07 UTC 2018 

Actually they conditionally return a EDNS response. Send the servers a ECS option and you will get a EDNS ECS response. 

If I remember correctly they also show breakage with EDNS(1) if ECS is present but I’m not in front of the right equipment to check. 

-- 
Mark Andrews

> On 5 Dec 2018, at 03:51, Mats Dufberg <mats.dufberg at iis.se> wrote:
> 
> The google.com replies without OPT when the query has OPT record. It seems to be true for all servers of google.com.
>  
> https://www.zonemaster.net/result/396932f178c82fd6
>  
>  
> ; <<>> DiG 9.10.6 <<>> @216.239.34.10 google.com soa +dns +qr +mu
> ; (1 server found)
> ;; global options: +cmd
> ;; Sending:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15863
> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>  
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;google.com.         IN SOA
>  
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15863
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
> ;; WARNING: recursion requested but not available
>  
> ;; QUESTION SECTION:
> ;google.com.         IN SOA
>  
> ;; ANSWER SECTION:
> google.com.          60 IN SOA ns1.google.com. dns-admin.google.com. (
>                            223945713  ; serial
>                            900        ; refresh (15 minutes)
>                            900        ; retry (15 minutes)
>                            1800       ; expire (30 minutes)
>                            60         ; minimum (1 minute)
>                            )
>  
> ;; AUTHORITY SECTION:
> google.com.          345600 IN NS ns3.google.com.
> google.com.          345600 IN NS ns1.google.com.
> google.com.          345600 IN NS ns4.google.com.
> google.com.          345600 IN NS ns2.google.com.
>  
> ;; ADDITIONAL SECTION:
> ns3.google.com.             345600 IN A 216.239.36.10
> ns3.google.com.             345600 IN AAAA 2001:4860:4802:36::a
> ns1.google.com.             345600 IN A 216.239.32.10
> ns1.google.com.             345600 IN AAAA 2001:4860:4802:32::a
> ns4.google.com.             345600 IN A 216.239.38.10
> ns4.google.com.             345600 IN AAAA 2001:4860:4802:38::a
> ns2.google.com.             345600 IN A 216.239.34.10
> ns2.google.com.             345600 IN AAAA 2001:4860:4802:34::a
>  
> ;; Query time: 52 msec
> ;; SERVER: 216.239.34.10#53(216.239.34.10)
> ;; WHEN: Tue Dec 04 17:47:35 CET 2018
> ;; MSG SIZE  rcvd: 322
>  
>  
>  
>  
> ---
> Mats Dufberg
> DNS Specialist, IIS
> Mobile: +46 73 065 3899
> https://www.iis.se/en/
>  
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20181205/25cf1a6e/attachment.html>

More information about the dns-operations mailing list