Re: turning off EDNS0 (Bind Users forum, DNS and Related Forums)
Mark:

The upgrade and the -4 option seemed to fix the problem. I didn't change the edns-udp-size since the firewall test passed. I also specified "--enable-threads" in my build of 9.3.0, but I don't know how 9.2.2-P1 was built. I see 5 named processes in 'ps' when I run 9.2.2-P1. Does that mean it was built with --enable-threads?

Thanks for your help.

Mark Andrews wrote:

>> I am running bind version "BIND 9.2.2-P1" and I notice that my query
>> times are very long. When I run Ethereal to see why, I see that initial
>> queries are sending the OPT pseudo RR. Almost every nameserver out
>> there responds to this with RCODE "format error" and then bind issues
>> another query without this extension.
>
> Actually the majority of servers out there know about EDNS.
>
>> This is really increasing my resolving time. I would really like to
>> disable this, but apparently I can only do this on a per server basis.
>
> The delays caused by EDNS probes are generally not noticeable to
> the end user.
>
> You are most probably seeing the side effects of the addition of
> AAAA records for A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET. This
> tickled a bug in BIND 9 (fixed in 9.2.5/9.3.1 out soon). This also
> exposed misconfigured firewalls that incorrectly dropped EDNS
> replies bigger than 512 octets. The EDNS referral to the COM /
> NET servers now exceeds 512 octets.
>
> Upgrade to 9.3.0 and run "named -4" to work around the BIND 9
> bug.
>
> Upgrade to 9.3.0 and set "edns-udp-size 512;" in options if you
> have a broken firewall. This should be seen as a short term
> work-around until you get the firewall fixed.
>
> You can determine if the firewall is misconfigured if you get
> a response to the first query and not to the second query.
>
>     dig soa com +norec @a.root-servers.net
>     dig soa com +norec +bufsize=1024 @a.root-servers.net
>
>> First, I would like to know how to disable this globally (hopefully
>> without recompiling). But something makes me think this is not what I
>> want to do. I just can't believe that ISC would release BIND9
>> configured by default to double resolving times. Am I doing something
>> wrong?
>>
>> ---
>> Joe Harvell
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
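
The two-query firewall test quoted in the post above, as an added Python example (not part of the thread and not ISC code): it builds the same SOA query for `com` with and without an EDNS0 OPT pseudo-RR advertising 1024 octets and classifies the pair of outcomes. The function names, the 3-second timeout and the result strings are assumptions made for this example.

```python
import socket
import struct

def build_query(name, qtype=6, bufsize=None, qid=0x1234):
    """Query with RD=0 (dig +norec); bufsize appends an EDNS0 OPT pseudo-RR."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if bufsize else 0)
    labels = [l.encode() for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (6=SOA), IN
    if bufsize:
        # OPT RR: root owner, TYPE 41, CLASS = advertised UDP size,
        # TTL = extended RCODE/version/flags (all zero), RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return msg

def ask(server, query, timeout=3.0):
    """Send one UDP query; return the reply bytes, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None

def rcode(reply):
    return reply[3] & 0x0F  # low four bits of the second flags byte

def diagnose(plain, edns):
    """Classify the pair of replies (bytes, or None for a timeout)."""
    if plain is None:
        return "inconclusive: no reply to the plain query either"
    if edns is None:
        return "firewall suspect: plain query answered, EDNS query was not"
    if rcode(edns) == 1:
        return "server returned FORMERR: it does not understand EDNS"
    return "ok: EDNS reply of %d octets received" % len(edns)

if __name__ == "__main__":
    server = "a.root-servers.net"
    plain = ask(server, build_query("com"))
    edns = ask(server, build_query("com", bufsize=1024))
    print(diagnose(plain, edns))
```

Run it from the host where named runs so the queries cross the same firewall path as the resolver's own traffic.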