Problem with EDNS0 on some DNSs

Michael Tokarev mjt+udns at corpit.ru
Thu Dec 11 12:10:28 MSK 2008


Jon Ander Ortiz wrote:
> Hi everyone:
> 
> I've found some problems with EDNS0 and UDNS in my development area.
> The problem is that UDNS sets by default the EDNS0 flag in the outgoing
> DNS Standard requests, but my DNS Servers do not support this
> feature. This is not strange, the DNS Server sends a Format error and
> UDNS retries without the flag. But if I send two async requests over the
> same context, the DNS Servers only send format error for the first
> one. The other dies of Timestap (I use libevent to implement the
> event-loop).

That's wrong: your server should reply to every request.

> I know that probably this issue comes from a problem in the DNS
> Servers. But in udns it is not possible to configure how to send the
> EDNS0 flag. I've patched the last udns to fix this problem, being
> available to configure the send of the EDNS0 flag (In my case, setting
> it off works fine!) using dns_set_opt.

There is a way already -- set udp buffer size to 512 bytes.  Either
with environment variable (RES_OPTIONS="udpbuf=512"), or using mentioned
dns_set_opt(DNS_OPT_UDPSIZE, 512).

> In this situation, I've some questions:
> 
> Is the behaviour that I've found normal?

No. Your dns server is wrong.

> Has someone found this problem elsewhere or are my DNS Servers from the
> stone age?

You're the first to report such a thing.  However, there are nameservers
out there that just discard queries they don't understand, which is worse
than your case, and those were reported.

In your and other similar cases I'd recommend adding

  options udpbuf=512

into /etc/resolv.conf file.  Other resolvers should just ignore options
they don't understand.  But note that this is not a solution and not even
a work-around: udns needs EDNS0, because it is UDP-only, and quite some
replies will not fit in 512 bytes.

> If this patch should be useful for someone, I'd be pleased to send it.

The functionality is already here - see above.  What's missing, it seems,
is that it's not at all obvious how to control EDNS0, i.e., documentation
details.

/mjt
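
The wire-level difference this thread is about, as an added example that is not part of the original message and is not udns code: a C sketch that appends an EDNS0 OPT record to an A query only when the advertised UDP size exceeds 512, and decides per query id whether a FORMERR reply should drop the retry to 512. The names build_query and next_udpsize are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_CLASSIC_MAX 512  /* RFC 1035 UDP payload limit */
#define RCODE_FORMERR   1

/* Encode a dotted name as DNS labels; returns bytes written, 0 if invalid. */
static size_t put_name(uint8_t *p, const char *name) {
    size_t n = 0;
    if (strlen(name) > 253) return 0;
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63) return 0;   /* empty or oversized label */
        p[n++] = (uint8_t)len;
        memcpy(p + n, name, len);
        n += len;
        name += len + (dot ? 1 : 0);
    }
    p[n++] = 0;                               /* root label */
    return n;
}

/* Build an A/IN query into buf (caller provides at least 512 bytes).
 * The OPT pseudo-RR (RFC 6891) is appended only when udpsize > 512. */
size_t build_query(uint8_t *buf, uint16_t id, const char *name, uint16_t udpsize) {
    int edns = udpsize > DNS_CLASSIC_MAX;
    size_t n = 12, l;
    memset(buf, 0, 12);
    buf[0] = (uint8_t)(id >> 8); buf[1] = (uint8_t)id;
    buf[2] = 0x01; buf[5] = 1;                /* RD flag, QDCOUNT = 1 */
    buf[11] = edns ? 1 : 0;                   /* ARCOUNT counts the OPT record */
    if ((l = put_name(buf + n, name)) == 0) return 0;
    n += l;
    buf[n++] = 0; buf[n++] = 1;               /* QTYPE A */
    buf[n++] = 0; buf[n++] = 1;               /* QCLASS IN */
    if (edns) {
        buf[n++] = 0;                         /* owner name: root */
        buf[n++] = 0; buf[n++] = 41;          /* TYPE OPT */
        buf[n++] = (uint8_t)(udpsize >> 8); buf[n++] = (uint8_t)udpsize; /* CLASS = payload size */
        memset(buf + n, 0, 6); n += 6;        /* TTL (ext-rcode, version, flags), RDLENGTH 0 */
    }
    return n;
}

/* UDP size for retrying one query: a FORMERR reply matching its id drops it to 512. */
uint16_t next_udpsize(const uint8_t *r, size_t len, uint16_t id, uint16_t sent) {
    if (len < 12 || r[0] != (uint8_t)(id >> 8) || r[1] != (uint8_t)id || !(r[2] & 0x80))
        return sent;                          /* not a reply to this query */
    return ((r[3] & 0x0f) == RCODE_FORMERR && sent > DNS_CLASSIC_MAX) ? DNS_CLASSIC_MAX : sent;
}
```

With a size of 512 the query is a plain RFC 1035 packet (29 bytes for example.com); with 4096 it grows by the 11-byte OPT record, which is the part a server without EDNS0 support answers with FORMERR.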

