nanog mailing list archives
Re: Verisign broke GTLDs again?
From: Mark Andrews <Mark_Andrews () isc org>
Date: Tue, 17 May 2005 00:06:10 +1000 (EST)
In article <42887A19.2010701 () tls msk ru> you write:
Noticed today. All Verisign's GTLD servers broke EDNS0 (RFC2671).
Here's how it looks like: query:

$ dnsget -t mx -vv microsoft.net. -n 192.5.6.30
;; trying microsoft.net.
;; sending 42 bytes query to 192.5.6.30 port 53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64471, size: 42
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION (1):
;microsoft.net. IN MX
;; ADDITIONAL section (1):
;EDNS0 OPT record (UDPsize: 4096): 0 bytes

Note the EDNS0 stuff (numar=1). And here's the reply to this query:

;; received 12 bytes response from 192.5.6.30 port 53
;; unexpected number of entries in QUERY section: 0
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 64471, size: 12
;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION (0):
; invalid query section

They're returning FORMERR (which is wrong), *and* don't return the
original query (numqd=0). Without EDNS0 extensions, it works like expected.

/mjt
This is the expected response from a server that doesn't understand EDNS.
If you can't parse the original query, which is what FORMERR indicates,
then the only thing you can safely send back is the DNS header.

Mark
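
An added example, not code from either poster: it rebuilds the 42-byte EDNS0 query and the 12-byte header-only FORMERR reply shown in the thread, then shows how a client can handle such a reply, retrying without the OPT record as RFC 2671 suggests for responders that answer FORMERR. The function names and the decision labels ("retry-without-edns", "fail", "discard", "accept") are assumptions of this sketch.

```python
import struct

FORMERR, TYPE_MX, TYPE_OPT, CLASS_IN = 1, 15, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, qid, edns_udp_size=None):
    """Return (message, question) with RD set; add an empty OPT RR if a size is given."""
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1 if edns_udp_size else 0)
    opt = b""
    if edns_udp_size:
        # OPT pseudo-RR: root owner name, TYPE 41, CLASS = UDP payload size,
        # TTL 0 (extended RCODE, version, flags), RDLENGTH 0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt, question

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qdcount": qd, "arcount": ar}

def classify(query, question, response):
    """Decide what a client should do with `response` to its `query`."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "discard"                      # not a reply to this query
    if r["qdcount"] == 0:
        # Header-only reply: only the ID ties it to the query, so it is
        # usable as an error signal but never as an answer.
        if r["rcode"] == FORMERR and q["arcount"] > 0:  # our only additional RR is OPT
            return "retry-without-edns"
        return "fail"
    if response[12:12 + len(question)] != question:
        return "discard"                      # echoed question does not match
    return "accept"

# Constructed sample: the 12-byte FORMERR reply from the post (id 64471, flags qr rd).
SAMPLE_REPLY = struct.pack("!6H", 64471, 0x8101, 0, 0, 0, 0)
EDNS_QUERY, QUESTION = build_query("microsoft.net.", TYPE_MX, 64471, 4096)
```
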