Re: Verisign broke GTLDs again?

[Michael Tokarev <mjt () tls msk ru>]

Mark Andrews wrote:
> In article <42887A19.2010701 () tls msk ru> you write:
>
> > Noticied today.  All Verisign's GTLD servers broke
> > EDNS0 (RFC2671).  Here's how it looks like:
[]
> > ;; received 12 bytes response from 192.5.6.30 port 53
> > ;; unexpected number of entries in QUERY section: 0
> > ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 64471, size: 12
> > ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>       This is the expected response from a server that doesn't
>       understand EDNS.  If you can't parse the original query,
>       which is what FORMERR indicates, then the only thing you
>       can safely send back is the DNS header.

Well ok, I know it's kinda expected -- "i don't understand what you're
asking for, can't even repeat your question".  But the next question
is -- *why*?  When at least half the world is actually *using* EDNS0
(bind8 and bind9 clients does), and another half a word isn't
"dropping" EDNS0 stuff, -- why so important component of worldwide DNS
infrastructure "does not understand" it?

It looks pretty much like situation with ECN: you don't have to
"support" it, but don't munge and drop it, just pass it along.

*especially* when you're an "internet backbone".

/mjt