[dns-operations] Authoritative name servers replying NOERROR but with EDE 18 ("Prohibited")

cstamas+dns at cstamas.hu cstamas+dns at cstamas.hu
Tue Dec 10 14:42:42 UTC 2024


Hi Stephane,

Dec 10, 2024 15:19:12 Stephane Bortzmeyer <bortzmeyer at nic.fr>:

> I notice that several unrelated name servers have a strange behavior, returning
> EDE 18 without an obvious reason:
>
> % dig +norec @ns.ucad.sn ucad.sn SOA
...
> ; EDE: 18 (Prohibited)
> ;; QUESTION SECTION:
> ;ucad.sn.           IN  SOA
...
>
> Without +norec, we don't have the EDE. It is strange, I understand
> that an authoritative name server may not be happy to see requests with
> the RD bit set but the opposite?
>
> These other nameservers do the same:
>
> dig +norec @ns1.octopuce.fr. piaille.fr SOA
> dig +norec @primary.heberge.info. mamot.fr SOA
>
> I assume some widely used software recently added the EDE 18 but
> which one? And why?

This came up on the DNS-OARC chat 2 weeks ago and someone found that this might be it:

https://gitlab.isc.org/isc-projects/bind9/-/issues/3743

Regards,
  Tamás
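
Added example, not part of either message above: a check for the behaviour described in the thread, parsing a raw DNS reply and flagging NOERROR combined with EDE 18. The sample reply is constructed (example.test, no answer records), and the function names are hypothetical.

```python
import struct

EDNS_OPT_EDE = 15     # EDNS option code for Extended DNS Errors (RFC 8914)
EDE_PROHIBITED = 18   # the info-code shown in the dig output above

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def parse_ede(msg):
    """Return (rcode, rd_bit, [(info_code, extra_text), ...]) for one DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, ext_rcode, edes = 12, 0, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 41:                          # OPT pseudo-RR carries EDNS options
            ext_rcode = ttl >> 24                # upper 8 bits of the 12-bit RCODE
            p, end = off, off + rdlen
            while p + 4 <= end:
                code, olen = struct.unpack_from("!HH", msg, p)
                p += 4
                if code == EDNS_OPT_EDE and olen >= 2:
                    info = struct.unpack_from("!H", msg, p)[0]
                    edes.append((info, msg[p + 2:p + olen].decode("utf-8", "replace")))
                p += olen
        off += rdlen
    return (ext_rcode << 4) | (flags & 0xF), bool(flags & 0x0100), edes

def noerror_but_prohibited(msg):
    """True when the reply says NOERROR yet carries EDE 18."""
    rcode, _rd, edes = parse_ede(msg)
    return rcode == 0 and any(code == EDE_PROHIBITED for code, _ in edes)

def build_sample(with_ede=True):
    """Constructed reply for example.test SOA: QR=1, AA=1, RD=0, RCODE=0, no answer RRs."""
    opts = struct.pack("!HHH", EDNS_OPT_EDE, 2, EDE_PROHIBITED) if with_ede else b""
    return (struct.pack("!6H", 0x1234, 0x8400, 1, 0, 0, 1)
            + b"\x07example\x04test\x00" + struct.pack("!HH", 6, 1)
            + b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(opts)) + opts)

if __name__ == "__main__":
    print(parse_ede(build_sample()), noerror_but_prohibited(build_sample()))
```

The RD bit is returned alongside the EDE list so that replies to +norec and recursive-style queries can be compared, which is the difference the original report points at.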


