ordns.he.net lacks EDNS?

Started by gribozavr, December 16, 2011, 03:25:53 AM

gribozavr

Recently I noticed that ordns.he.net sometimes returns results in 2+ seconds.  Can EDNS be the problem?

$ dig +short rs.dns-oarc.net txt @74.82.42.42
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"216.66.80.30 DNS reply size limit is at least 490"
"Tested at 2011-12-16 11:21:14 UTC"
"216.66.80.30 lacks EDNS, defaults to 512"

snarked

The main DNS servers (ns[1-5].he.net) also lack the understanding of an "ANY"-RR query (returning SERVFAIL).  74.82.42.42 does seem to understand "ANY" queries.  ALL of them will use TCP for large answers.  However, I agree that the DNS resolver server named lacks EDNS.

Looks like HE has some upgrading to do....

kasperd

I don't know if it is related, but I frequently see timeouts when trying to query 74.82.42.42. If I use 2001:470:20::2, it responds immediately.

realdreams

I guess this is probably to prevent abuse...
EDNS can be used for reflection DDoS attacks.
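
What "lacks EDNS, defaults to 512" in the test output above means on the wire, as an added example that is not part of the original thread: a DNS message with no OPT record (type 41) implies the classic 512-byte UDP limit, and a set TC bit signals the retry over TCP. The function names, the 4096-byte advertised size and both sample messages are constructed for illustration.

```python
import struct

def build_query(name, qtype=16, udp_size=4096):
    """Build a DNS query (default TXT) carrying an EDNS0 OPT record (RFC 6891)."""
    # ID 0x1234, RD set, 1 question, 1 additional record (the OPT)
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner name, TYPE 41, CLASS = advertised UDP payload size,
    # TTL = extended RCODE/version/flags (all zero), RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (has_edns, udp_limit, truncated) for a raw DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    truncated = bool(flags & 0x0200)  # TC bit: retry over TCP
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:  # OPT: CLASS field holds the sender's UDP size
            return True, rclass, truncated
        off += 10 + rdlen
    return False, 512, truncated  # no OPT: classic 512-byte UDP limit

# Constructed samples, not captured traffic
EDNS_QUERY = build_query("rs.dns-oarc.net")
# Same question, QR+TC+RD+RA set, no OPT record
NO_EDNS_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + EDNS_QUERY[12:-11]

if __name__ == "__main__":
    print(edns_info(EDNS_QUERY))     # (True, 4096, False)
    print(edns_info(NO_EDNS_REPLY))  # (False, 512, True)
```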