Recently I noticed that ordns.he.net sometimes returns results in 2+ seconds. Can EDNS be the problem?
$ dig +short rs.dns-oarc.net txt @74.82.42.42
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"216.66.80.30 DNS reply size limit is at least 490"
"Tested at 2011-12-16 11:21:14 UTC"
"216.66.80.30 lacks EDNS, defaults to 512"
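A way to run the same "does this resolver speak EDNS?" check yourself, as an added example that is not part of this thread: build a query carrying an EDNS0 OPT record and see whether the reply echoes one (the `probe`, `build_query` and `edns_info` names are my own).

```python
import socket
import struct

# Added example (not from the thread): build a DNS query carrying an EDNS0 OPT
# pseudo-RR and inspect the reply. A server that "lacks EDNS" echoes no OPT RR
# and is limited to 512-byte UDP replies, so big answers come back truncated.
OPT_TYPE, TC_FLAG = 41, 0x0200

def build_query(name, qtype=16, udp_size=4096, txid=0x1234):
    """DNS query for `name` (TXT by default) advertising `udp_size` in an OPT RR."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, ARCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext rcode/flags, RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)

def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name starting at `off`."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def edns_info(msg):
    """Return (truncated, udp_size); udp_size is None when the reply has no OPT RR."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    truncated = bool(flags & TC_FLAG)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return truncated, rclass  # OPT CLASS field = sender's UDP payload size
        off += 10 + rdlen
    return truncated, None

def probe(resolver, name="rs.dns-oarc.net", timeout=3.0):
    """Live check: send the query over UDP and report the resolver's EDNS behaviour."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        reply, _ = s.recvfrom(4096)
    return edns_info(reply)
```

`probe("74.82.42.42")` returning `(False, None)` means the resolver answered without an OPT record, i.e. it is stuck at the 512-byte default the dns-oarc test reports; a `(True, ...)` result means the answer was truncated and a client would have to retry over TCP.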
The main DNS servers (ns[1-5].he.net) also lack the understanding of an "ANY"-RR query (returning SERVFAIL). 74.82.42.42 does seem to understand "ANY" queries. ALL of them will use TCP for large answers. However, I agree that the DNS resolver server named lacks EDNS.
Looks like HE has some upgrading to do...
I don't know if it is related, but I frequently see timeouts when trying to query 74.82.42.42. If I use 2001:470:20::2, it responds immediately.
I guess this is probably to prevent abuse...
EDNS can be used for reflection DDoS attacks.