[dns-operations] google.com does not suppor EDNS/OPT

Mark Andrews marka at isc.org
Tue Dec 4 21:30:17 UTC 2018


It looks like they have fixed whatever it was.   Now if they could just return EDNS
responses to all EDNS queries instead of just to EDNS w/ ECS.  The behaviour makes
no sense.

Mark

% dig +subnet=0/0 @ns1.google.com google.com +norec +edns=1 +noednsneg +ednsflags=0x80

; <<>> DiG 9.13.1+hotspot+add-prefetch+marka <<>> +subnet @ns1.google.com google.com +norec +edns=1 +noednsneg +ednsflags=0x80
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 48338
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; Query time: 102 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Wed Dec 05 08:24:01 AEDT 2018
;; MSG SIZE  rcvd: 39

% 

> On 5 Dec 2018, at 5:46 am, Mark Andrews <marka at isc.org> wrote:
> 
> Actually they conditionally return a EDNS response. Send the servers a ECS option and you will get a EDNS ECS response. 
> 
> If I remember correctly they also show breakage with EDNS(1) if ECS is present but I’m not in front of the right equipment to check. 
> 
> -- 
> Mark Andrews
> 
> On 5 Dec 2018, at 03:51, Mats Dufberg <mats.dufberg at iis.se> wrote:
> 
>> The google.com replies without OPT when the query has OPT record. It seems to be true for all servers of google.com.
>>  
>> https://www.zonemaster.net/result/396932f178c82fd6
>>  
>>  
>> ; <<>> DiG 9.10.6 <<>> @216.239.34.10 google.com soa +dns +qr +mu
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Sending:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15863
>> ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>  
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 4096
>> ;; QUESTION SECTION:
>> ;google.com.         IN SOA
>>  
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15863
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
>> ;; WARNING: recursion requested but not available
>>  
>> ;; QUESTION SECTION:
>> ;google.com.         IN SOA
>>  
>> ;; ANSWER SECTION:
>> google.com.          60 IN SOA ns1.google.com. dns-admin.google.com. (
>>                            223945713  ; serial
>>                            900        ; refresh (15 minutes)
>>                            900        ; retry (15 minutes)
>>                            1800       ; expire (30 minutes)
>>                            60         ; minimum (1 minute)
>>                            )
>>  
>> ;; AUTHORITY SECTION:
>> google.com.          345600 IN NS ns3.google.com.
>> google.com.          345600 IN NS ns1.google.com.
>> google.com.          345600 IN NS ns4.google.com.
>> google.com.          345600 IN NS ns2.google.com.
>>  
>> ;; ADDITIONAL SECTION:
>> ns3.google.com.             345600 IN A 216.239.36.10
>> ns3.google.com.             345600 IN AAAA 2001:4860:4802:36::a
>> ns1.google.com.             345600 IN A 216.239.32.10
>> ns1.google.com.             345600 IN AAAA 2001:4860:4802:32::a
>> ns4.google.com.             345600 IN A 216.239.38.10
>> ns4.google.com.             345600 IN AAAA 2001:4860:4802:38::a
>> ns2.google.com.             345600 IN A 216.239.34.10
>> ns2.google.com.             345600 IN AAAA 2001:4860:4802:34::a
>>  
>> ;; Query time: 52 msec
>> ;; SERVER: 216.239.34.10#53(216.239.34.10)
>> ;; WHEN: Tue Dec 04 17:47:35 CET 2018
>> ;; MSG SIZE  rcvd: 322
>>  
>>  
>>  
>>  
>> ---
>> Mats Dufberg
>> DNS Specialist, IIS
>> Mobile: +46 73 065 3899
>> https://www.iis.se/en/
>>  
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-operations mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org




More information about the dns-operations mailing list