Re: turning off EDNS0

> I am running bind version "BIND 9.2.2-P1" and I notice that my query
> times are very long. When I run Ethereal to see why, I see that initial
> queries are sending the OPT pseudo RR. Almost every nameserver out
> there responds to this with RCODE "format error" and then bind issues
> another query without this extension.

Actually the majority of servers out there know about EDNS.

> This is really increasing my relsoving time. I would really like to
> disable this, but apparently I can only do this on a per server basis.

The delays caused by EDNS probes are generally not noticable to
the end user.

You are most probably seeing the side effects of the addition of
AAAA records for A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET. This
tickled a bug in BIND 9 (fixed in 9.2.5/9.3.1 out soon). This also
exposed misconfigured firewalls that incorrectly dropped EDNS
replies bigger than 512 octets. The EDNS referral to the COM /
NET servers now exceeds 512 octets.

Upgrade to 9.3.0 and run "named -4" to work around the BIND 9
bug.

Upgrade to 9.3.0 and set "edns-udp-size 512;" in options if you
have a broken firewall. This should be seen as a short term
work-around until you get the firewall fixed.

You can determine if the firewall is misconfigured if you get
a response to the first query and not to the second query.

dig soa com +norec @a.root-servers.net
dig soa com +norec +bufsize=1024 @a.root-servers.net

> First, I would like to know how to disable this globally (hopefully
> without recompililng). But something makes me think this is not what I
> want to do. I just can't believe that ISC would release BIND9
> configured by default to double resolving times. Am I doing something
> wrong?
>
> ---
> Joe Harvell
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org