[dns-operations] Issue with Quad9 DoH EDNS implementation
Shreyas Zare
shreyas at technitium.com
Fri Apr 8 08:19:05 UTC 2022
Hi,
It seems that Quad9 DoH uses the EDNS UDP payload size for DoH. So a
request with the DO flag set and a UDP payload size of 1232 for "co DNSKEY IN"
is causing the Quad9 DoH server to return a response with the TC flag set.
Setting the UDP payload size to a higher value fixes this issue.
However, trying Quad9 with DNS-over-TCP, it works as expected: the UDP
payload size is not used, so the response of 1717 bytes is received as
expected.
Referring to RFC 8484 section 6, it seems to be an implementation issue:
DoH clients using this media type MAY have one or more Extension
Mechanisms for DNS (EDNS) options [RFC6891 <https://www.rfc-editor.org/rfc/rfc6891>] in the request. DoH
servers using this media type MUST ignore the value given for the
EDNS UDP payload size in DNS requests.
This is not an issue with other public DNS providers that support DoH, so
it seems to be a Quad9-specific issue.
--
Regards,
*Shreyas Zare*
Technitium <https://technitium.com/>
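A small diagnostic for the behaviour described above, added here as an example and not code from the post or from Technitium: it builds the "co DNSKEY IN" query with an EDNS0 OPT record carrying a chosen UDP payload size and the DO bit, and reports whether the DoH response comes back with TC set. The endpoint URL and the 1232/4096 comparison are assumptions for illustration.

```python
import struct
import urllib.request

QTYPE_DNSKEY = 48
DO_FLAG = 0x8000  # DO bit lives in the top half of the OPT record's TTL field


def build_query(name, qtype, udp_payload_size, do=True):
    """Wire-format DNS query with an EDNS0 OPT record (RFC 6891).

    The OPT record's CLASS field carries the advertised UDP payload size,
    and its TTL field carries the extended flags (DO in the high bit).
    Message ID is 0 as RFC 8484 section 4.1 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1)  # RD set, QD=1, AR=1
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    ttl = (DO_FLAG << 16) if do else 0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_payload_size, ttl, 0)
    return header + question + opt


def response_is_truncated(msg):
    """True if the TC bit (0x0200 in the flags word) is set in the response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & 0x0200)


def doh_query(url, query):
    """POST a wire-format query to a DoH endpoint (RFC 8484 section 4.1)."""
    req = urllib.request.Request(
        url, data=query, method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


if __name__ == "__main__":
    # Assumed endpoint; a server that ignores the EDNS payload size, as RFC 8484
    # section 6 requires, should report "complete" for both sizes.
    endpoint = "https://dns.quad9.net/dns-query"
    for size in (1232, 4096):
        resp = doh_query(endpoint, build_query("co", QTYPE_DNSKEY, size))
        state = "TC set" if response_is_truncated(resp) else "complete"
        print(f"payload size {size}: {len(resp)} bytes, {state}")
```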