Common operational misconceptions

Mark Andrews marka at
Thu Feb 16 13:51:26 UTC 2012

In message <20120216.130143.74691634.sthaug at>, sthaug at writes:
> > If you want to know if your resolver talks IPv6 to the world and
> > supports 4096 EDNS UDP messages the following query will tell you.
> > 
> > 		dig txt
> > 
> > Similarly for IPv4.
> > 
> > 		dig txt
> Both PowerDNS recursor 3.3 and Nominum CNS 3.0.5 have problems
> with these queries. They both get the TC answer from /
> 2001:4f8:0:2::8. Then:

I stated very clearly the conditions under which the queries would
> - CNS tries with 4000 EDNS UDP size (4000 is the CNS documented max
> UDP size), gets another TC.
> - PowerDNS doesn't try to use EDNS at all.
> Then they both try TCP and get a RST. And then they return SERVFAIL.

Correct. Those servers are deliberately configured to not answer
TCP as they are for testing the EDNS UDP path.  They also put out
an answer that will exactly fill a 4096 byte EDNS UDP message which
is the default and largest EDNS UDP size advertised by named.  This
allows someone running named to test their firewall configuration
to ensure that it will let through any EDNS UDP reply, size wise,
that can occur.  As IPv4 and IPv6 are often configured independently
we provide a way to test each independently.

> Steinar Haug, Nethelp consulting, sthaug at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at
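
Added example, not part of the original message or of any ISC code: a Python model of the three cases discussed above (EDNS 4096, EDNS 4000, no EDNS) that parses the OPT record of a query and derives what a resolver should see from a UDP-only test server. The query name `test.example`, the function names and the result strings are assumptions made for illustration.

```python
import struct

ANSWER_SIZE = 4096   # the test answer exactly fills a 4096-byte EDNS UDP message
TYPE_TXT, TYPE_OPT = 16, 41

def build_query(qname, edns_size=None, qid=0x1234):
    """Build a TXT query; append an EDNS OPT record when edns_size is given."""
    arcount = 0 if edns_size is None else 1
    msg = struct.pack("!6H", qid, 0x0100, 1, 0, 0, arcount)  # flags: RD set
    for label in qname.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!2H", TYPE_TXT, 1)          # QTYPE, QCLASS=IN
    if edns_size is not None:
        # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, pos):
    """Return the offset just past an uncompressed name starting at pos."""
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1

def advertised_udp_size(query):
    """UDP payload size a query advertises; 512 when no OPT record is present."""
    # Queries carry no answer or authority records, so only QD and AR are walked.
    qdcount, _, _, arcount = struct.unpack("!4H", query[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(query, pos) + 4                       # QTYPE + QCLASS
    for _ in range(arcount):
        pos = skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == TYPE_OPT:
            return max(rclass, 512)                           # below 512 counts as 512
        pos += 10 + rdlen
    return 512

def expected_result(query, tcp_answered=False):
    """Outcome a resolver should see from the test server for this query."""
    if advertised_udp_size(query) >= ANSWER_SIZE:
        return "answer over UDP"
    # Truncated (TC) reply: the resolver retries over TCP, which the test servers refuse.
    return "answer over TCP" if tcp_answered else "SERVFAIL"

if __name__ == "__main__":
    for label, size in [("EDNS 4096", 4096), ("EDNS 4000", 4000), ("no EDNS", None)]:
        print(label, "->", expected_result(build_query("test.example", size)))
```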
