[dns-operations] rfc7873#5.4 - Server Cookie Queries - any implementations at all?

Mark Delany b9w at charlie.emu.st
Mon Mar 14 07:49:17 UTC 2022

For reference: https://datatracker.ietf.org/doc/html/rfc7873#section-5.4

Over the last couple of months I've been purposely tracking "Querying for a Server Cookie"
as described in the link above.

And I have seen zero such queries. Nada. Zilch. Nothinkski.

As best I can tell, "dig" is incapable of issuing such a query so one presumes that even
ISC don't think it a very important use-case even tho their name is on the RFC.

Furthermore, my DNS decoder of choice (github.com/miekg/dns) discards inbound queries with
QD!=1 (but it at least offers an escape hatch which I used for the aforementioned

In short, QD=0 is an odd query which is not well supported. Furthermore, I suspect that
most middleware and some firewalls are going to drop them with prejudice, all of which
means that a #5.4 query has a number of barriers to overcome.

But zero such queries after watching for months? That's surprising. I'm obviously
suspicious of my tracking code, but I've checked as best I can.

Two questions: a) Are there known #5.4 implementations out there? b) Have others seen
such queries in the wild?

I guess a final question: Are DNS Cookies considered BCP and thus I should be expecting
#5.4 queries now or in the near future? I've read a few dissenting views, which is why I ask.
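
For readers who want to run the same kind of tracking, here is an added example (not part of the original post, and not the poster's tracking code) that classifies a raw DNS message as an RFC 7873 section 5.4 query: QR=0, opcode QUERY, QDCOUNT=0, and an OPT record carrying a COOKIE option. It uses only the Go standard library rather than github.com/miekg/dns; the function names and the sample packet are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

var u16 = binary.BigEndian.Uint16 // DNS integers are big-endian

// hasCookie walks EDNS options for COOKIE (code 10) of legal length: 8, or 16..40 octets.
func hasCookie(rd []byte) bool {
	for len(rd) >= 4 && 4+int(u16(rd[2:])) <= len(rd) {
		n := int(u16(rd[2:]))
		if u16(rd) == 10 && (n == 8 || (n >= 16 && n <= 40)) {
			return true
		}
		rd = rd[4+n:]
	}
	return false
}

// isServerCookieQuery reports whether msg matches the RFC 7873 section 5.4 query shape.
func isServerCookieQuery(msg []byte) bool {
	if len(msg) < 12 || u16(msg[2:])&0xF800 != 0 || u16(msg[4:]) != 0 {
		return false // truncated, a response, a non-QUERY opcode, or QDCOUNT != 0
	}
	n := int(u16(msg[6:])) + int(u16(msg[8:])) + int(u16(msg[10:])) // AN+NS+AR follow the header
	for off := 12; n > 0; n-- {
		for off < len(msg) && msg[off] != 0 && msg[off] < 0xC0 {
			off += 1 + int(msg[off]) // skip one label of the owner name
		}
		if off < len(msg) && msg[off] >= 0xC0 {
			off++ // compression pointer: two octets in total
		}
		off++ // root label, or second pointer octet
		if off+10 > len(msg) || off+10+int(u16(msg[off+8:])) > len(msg) {
			return false // RR header or RDATA runs past the end of the message
		}
		rd := msg[off+10 : off+10+int(u16(msg[off+8:]))]
		if u16(msg[off:]) == 41 && hasCookie(rd) { // type 41 = OPT
			return true
		}
		off += 10 + len(rd)
	}
	return false
}

// sample is constructed: QDCOUNT=0, ARCOUNT=1, one OPT RR with an 8-octet Client Cookie.
var sample = []byte{0x12, 0x34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 41, 0x04, 0xD0, 0, 0, 0, 0, 0, 12, 0, 10, 0, 8, 1, 2, 3, 4, 5, 6, 7, 8}
func main() { fmt.Println(isServerCookieQuery(sample)) }
```

The check has to run on the raw payload, before any decoder that rejects QD!=1 has had the chance to discard the message.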


