nanog mailing list archives

Re: Verisign broke GTLDs again?

From: Mark Andrews <Mark_Andrews () isc org>
Date: Tue, 17 May 2005 00:06:10 +1000 (EST)


In article <42887A19.2010701 () tls msk ru> you write:


Noticied today.  All Verisign's GTLD servers broke
EDNS0 (RFC2671).  Here's how it looks like:

query:

$ dnsget -t mx -vv microsoft.net. -n 192.5.6.30
;; trying microsoft.net.
;; sending 42 bytes query to 192.5.6.30 port 53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64471, size: 42
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUERY SECTION (1):
;microsoft.net.                 IN      MX

;; ADDITIONAL section (1):
;EDNS0 OPT record (UDPsize: 4096): 0 bytes

Note the EDNS0 stuff (numar=1).  And here's the reply to this query:

;; received 12 bytes response from 192.5.6.30 port 53
;; unexpected number of entries in QUERY section: 0
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 64471, size: 12
;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUERY SECTION (0):
; invalid query section


They're returning FORMERR (which is wrong), *and* don't return the
original query (numqd=0).

Without EDNS0 extensions, it works like expected.

/mjt


        This is the expected response from a server that doesn't
        understand EDNS.  If you can't parse the original query,
        which is what FORMERR indicates, then the only thing you
        can safely send back is the DNS header.

        Mark

Current thread:

Verisign broke GTLDs again? Michael Tokarev (May 16)
- Re: Verisign broke GTLDs again? Mark Andrews (May 16)
  - Re: Verisign broke GTLDs again? Michael Tokarev (May 16)
    - Re: Verisign broke GTLDs again? Florian Weimer (May 16)
    - Re: Verisign broke GTLDs again? Michael Tokarev (May 16)
    - Re: Verisign broke GTLDs again? Florian Weimer (May 16)
    - Re: Verisign broke GTLDs again? Paul Vixie (May 16)
- Re: Verisign broke GTLDs again? Matt Larson (May 16)