Verisign broke GTLDs again?

Mark Andrews Mark_Andrews at isc.org
Mon May 16 14:06:10 UTC 2005


In article <42887A19.2010701 at tls.msk.ru> you write:
>
>Noticied today.  All Verisign's GTLD servers broke
>EDNS0 (RFC2671).  Here's how it looks like:
>
>query:
>
>$ dnsget -t mx -vv microsoft.net. -n 192.5.6.30
>;; trying microsoft.net.
>;; sending 42 bytes query to 192.5.6.30 port 53
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64471, size: 42
>;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
>;; QUERY SECTION (1):
>;microsoft.net.                 IN      MX
>
>;; ADDITIONAL section (1):
>;EDNS0 OPT record (UDPsize: 4096): 0 bytes
>
>Note the EDNS0 stuff (numar=1).  And here's the reply to this query:
>
>;; received 12 bytes response from 192.5.6.30 port 53
>;; unexpected number of entries in QUERY section: 0
>;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 64471, size: 12
>;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUERY SECTION (0):
>; invalid query section
>
>
>They're returning FORMERR (which is wrong), *and* don't return the
>original query (numqd=0).
>
>Without EDNS0 extensions, it works like expected.
>
>/mjt

	This is the expected response from a server that doesn't
	understand EDNS.  If you can't parse the original query,
	which is what FORMERR indicates, then the only thing you
	can safely send back is the DNS header.

	Mark



More information about the NANOG mailing list