[dns-operations] DNS cookies in a mixed resolver anycast environment

Tobias S. Josefowitz t.josefowitz at gmail.com
Mon Jun 3 13:00:42 UTC 2019

On Mon, Jun 3, 2019 at 2:34 PM Ondřej Surý <ondrej at sury.org> wrote:
> Let’s assume that DNS resolver sends EDNS enabled query, now you have three options:
> 3. answer contains NOERROR without OPT —> the other side doesn't understand EDNS, e.g. pre-EDNS server, process the answer as usual

Yes but - then again, RFC 6891 clearly states "Responders that choose
not to implement the protocol extensions [...] MUST respond with a
return code (RCODE) of FORMERR to messages containing an OPT record in
the additional section [...]". And I still wonder why RFC 6891
introduces an additional RTT for implementations choosing not to
implement (in cases where the querying party is not already sending
non-EDNS queries).

Or in other words, doing 3. is not technically standards compliant nowadays.

> So, when you want to implement new DNS server because you think DNS is easy, just don’t… and if you don’t listen, just make sure you are not in the 4th category.

The damage is long done and is serving an amount of users you might
find surprising :)
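To make the three responder behaviours in this exchange concrete, here is an added example (not code from the thread or from any of the implementations discussed) that builds an EDNS(0) query in wire format, parses the reply, and classifies it: an OPT record in the additional section means the peer speaks EDNS; FORMERR without OPT is the RFC 6891 behaviour for a responder that does not implement EDNS, and costs the resolver a second round trip with a plain query; NOERROR without OPT is case 3 above, processed as a plain answer. The three server functions, the name example.com and the address 192.0.2.1 are constructed stand-ins; nothing is sent on the network.

```python
"""Classifying replies to an EDNS(0) query, per RFC 6891.
Constructed example: messages are built locally, nothing is sent."""
import struct

TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
RCODE_NOERROR, RCODE_FORMERR = 0, 1


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + length


def opt_rr(udp_size=1232):
    # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended RCODE/version/flags (all zero here), empty RDATA
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)


def build_query(qname, qid=0x1234, edns=True):
    hdr = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD set
    msg = hdr + encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    return msg + (opt_rr() if edns else b"")


def parse_message(msg):
    """Header fields, A answers, and whether an OPT RR sits in the additional section."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    has_opt, answers = False, []
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            if section == "ar" and rtype == TYPE_OPT:
                has_opt = True
            if section == "an" and rtype == TYPE_A:
                answers.append(".".join(str(b) for b in rdata))
    return {"id": qid, "qr": bool(flags & 0x8000), "rcode": flags & 0xF,
            "has_opt": has_opt, "answers": answers}


def build_response(query, rcode, edns, answers=()):
    """Constructed responder side: echo ID and question, set QR/RD/RA and RCODE."""
    qid = struct.unpack("!H", query[:2])[0]
    qend = skip_name(query, 12) + 4
    an = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
                  + bytes(int(x) for x in ip.split(".")) for ip in answers)
    hdr = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(answers), 0, 1 if edns else 0)
    return hdr + query[12:qend] + an + (opt_rr() if edns else b"")


# Three constructed responders standing in for the server behaviours discussed above.
def edns_server(query):
    return build_response(query, RCODE_NOERROR, edns=True, answers=["192.0.2.1"])


def compliant_legacy_server(query):
    # RFC 6891: no EDNS support -> FORMERR to any message carrying OPT, no OPT in the reply
    if parse_message(query)["has_opt"]:
        return build_response(query, RCODE_FORMERR, edns=False)
    return build_response(query, RCODE_NOERROR, edns=False, answers=["192.0.2.1"])


def ignoring_legacy_server(query):
    # case 3: OPT is silently ignored and NOERROR without OPT comes back
    return build_response(query, RCODE_NOERROR, edns=False, answers=["192.0.2.1"])


def classify(query, reply):
    r = parse_message(reply)
    if r["id"] != struct.unpack("!H", query[:2])[0] or not r["qr"]:
        return "discard"   # not a reply to our query
    if r["has_opt"]:
        return "edns"      # peer speaks EDNS; options such as cookies can be negotiated
    if r["rcode"] == RCODE_FORMERR:
        return "formerr"   # compliant non-EDNS responder: retry without OPT
    return "plain"         # NOERROR without OPT: treat as pre-EDNS, process the answer


def resolve(server, qname="example.com."):
    """Send an EDNS query; on FORMERR fall back to a plain one. Returns (verdict, answers, round_trips)."""
    query = build_query(qname, edns=True)
    reply = server(query)
    verdict, trips = classify(query, reply), 1
    if verdict == "formerr":
        reply = server(build_query(qname, edns=False))
        trips = 2
    return verdict, parse_message(reply)["answers"], trips


if __name__ == "__main__":
    for label, srv in (("edns", edns_server), ("compliant-legacy", compliant_legacy_server),
                       ("ignoring-legacy", ignoring_legacy_server)):
        print(label, resolve(srv))
```

The `round_trips` value returned by `resolve` is the cost being complained about: only the responder that follows the RFC 6891 FORMERR rule forces the resolver into a second exchange, while the one that simply ignores OPT answers in one.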
