[DNSOP] Sending unknown / unspecified EDNS options to authoritative DNS servers

Mark Andrews <marka@isc.org> Mon, 15 November 2021 21:32 UTC

Unfortunately I fell ill right before the WG meeting or I could have answered this then.

I’ve been measuring this behaviour for years now and incorrect behaviour is almost non-existent.

Old versions of MS Windows DNS servers used to echo back unknown EDNS options.  This was fixed by MS a couple of years ago.

Old versions of Juniper firewalls used to block unknown EDNS options.  Juniper fixed these several years ago. These have mostly been replaced.

There were servers that returned FORMERR to unknown EDNS options.  These too have mostly gone in the last couple of years.

There are servers that only return EDNS responses to specific EDNS options.

Having recursive DNS servers that are sending EDNS options by default in requests has cleared out most of the broken servers.

Anyway the time series and responses from the last daily runs are available at https://ednscomp.isc.org for a number of target populations.  The two listed below are for all the servers for .GOV zones.

https://ednscomp.isc.org/compliance/ts/govfull.optfail.html

https://ednscomp.isc.org/compliance/gov-full-report.html#eo

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
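
The failure modes named in the message above (option echoed back, FORMERR, reply without EDNS, no reply at all) can be told apart from the response bytes alone. This is an added example, not part of the original message and not ISC's ednscomp code; the option code 65001, the category names and all helper functions are assumptions made here for illustration.

```python
import struct

UNKNOWN_OPT = 65001  # assumption: a code in the local/experimental range, unknown to servers

def build_message(qname, flags, rcode=0, options=None):
    # One A/IN question; with options, append an OPT RR (root name, TYPE 41, CLASS = UDP size).
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    msg = struct.pack("!6H", 0x1234, flags | rcode, 1, 0, 0, 0 if options is None else 1)
    msg += labels + b"\0" + struct.pack("!2H", 1, 1)
    if options is not None:
        rdata = b"".join(struct.pack("!2H", c, len(d)) + d for c, d in options)
        msg += b"\0" + struct.pack("!2HIH", 41, 4096, 0, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # compression pointer: 2 bytes, root label: 1

def edns_options(msg):
    # Option codes carried in the OPT RR, or None when the message has no OPT RR.
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off) + 10  # step past the fixed 10-byte RR header
        rtype, rdlen = struct.unpack_from("!H6xH", msg, off - 10)
        if rtype == 41:
            codes, end = [], off + rdlen
            while off + 4 <= end:
                code, olen = struct.unpack("!2H", msg[off:off + 4])
                codes.append(code)
                off += 4 + olen
            return codes
        off += rdlen
    return None

def classify(response, sent_code=UNKNOWN_OPT):
    if response is None:
        return "timeout"   # nothing came back, e.g. the query was blocked in transit
    if response[3] & 0xF == 1:
        return "formerr"   # RCODE 1 in reply to the unknown option
    codes = edns_options(response)
    if codes is None:
        return "no-edns"   # answered, but without an OPT RR
    return "echoed" if sent_code in codes else "ok"

# Constructed sample: a reply that copies the unknown option back to the client.
SAMPLE_ECHO = build_message("example.gov", 0x8400, options=[(UNKNOWN_OPT, b"\x01")])
```

Here classify(SAMPLE_ECHO) returns "echoed"; a reply carrying an OPT RR without the unknown option is classified "ok".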