North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Verisign broke GTLDs again?
In article <42887A19.firstname.lastname@example.org> you write: > >Noticied today. All Verisign's GTLD servers broke >EDNS0 (RFC2671). Here's how it looks like: > >query: > >$ dnsget -t mx -vv microsoft.net. -n 126.96.36.199 >;; trying microsoft.net. >;; sending 42 bytes query to 188.8.131.52 port 53 >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64471, size: 42 >;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > >;; QUERY SECTION (1): >;microsoft.net. IN MX > >;; ADDITIONAL section (1): >;EDNS0 OPT record (UDPsize: 4096): 0 bytes > >Note the EDNS0 stuff (numar=1). And here's the reply to this query: > >;; received 12 bytes response from 184.108.40.206 port 53 >;; unexpected number of entries in QUERY section: 0 >;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 64471, size: 12 >;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > >;; QUERY SECTION (0): >; invalid query section > > >They're returning FORMERR (which is wrong), *and* don't return the >original query (numqd=0). > >Without EDNS0 extensions, it works like expected. > >/mjt This is the expected response from a server that doesn't understand EDNS. If you can't parse the original query, which is what FORMERR indicates, then the only thing you can safely send back is the DNS header. Mark