Hurricane Electric's IPv6 Tunnel Broker Forums

Author Topic: ordns.he.net lacks EDNS?  (Read 4509 times)

gribozavr

« on: December 16, 2011, 03:25:53 AM »

Recently I noticed that ordns.he.net sometimes returns results in 2+ seconds.  Can EDNS be the problem?

Code:
$ dig +short rs.dns-oarc.net txt @74.82.42.42
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"216.66.80.30 DNS reply size limit is at least 490"
"Tested at 2011-12-16 11:21:14 UTC"
"216.66.80.30 lacks EDNS, defaults to 512"
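What "lacks EDNS, defaults to 512" means at the wire level, as an added example that is not part of the original thread: a sender signals EDNS by including an OPT pseudo-record (RFC 6891) whose CLASS field carries its UDP payload size, and a message without one is limited to 512 bytes. The function names and sample messages are constructed for illustration; nothing is sent on the network.

```python
import struct

OPT = 41  # RR type of the EDNS0 pseudo-record (RFC 6891)

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_message(name, flags, udp_size=None, qtype=16, txid=0x1234):
    """One-question DNS message; adds an OPT RR when udp_size is given."""
    msg = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0 if udp_size is None else 1)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if udp_size is not None:
        # OPT: root owner, TYPE=41, CLASS=UDP payload size, TTL=ext. flags, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def edns_udp_size(msg):
    """UDP payload size advertised in the OPT RR, or None if there is none."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == OPT:
            return rclass
        off += 10 + rdlen
    return None

def effective_limit(msg):
    """Largest UDP reply the sender of msg accepts; 512 without EDNS."""
    size = edns_udp_size(msg)
    return 512 if size is None else max(size, 512)  # values below 512 count as 512

# Constructed sample messages (not captured traffic).
QUERY = build_message("rs.dns-oarc.net", 0x0100, udp_size=4096)
REPLY_NO_EDNS = build_message("rs.dns-oarc.net", 0x8180)
REPLY_EDNS = build_message("rs.dns-oarc.net", 0x8180, udp_size=1232)
```

A resolver whose outgoing queries look like `REPLY_NO_EDNS` (no OPT record) forces authoritative servers to truncate anything over 512 bytes, and the resulting retry over TCP adds round trips to the lookup.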

snarked

« Reply #1 on: December 16, 2011, 11:49:46 AM »

The main DNS servers (ns[1-5].he.net) also lack the understanding of an "ANY"-RR query (returning SERVFAIL).  74.82.42.42 does seem to understand "ANY" queries.  ALL of them will use TCP for large answers.  However, I agree that the DNS resolver server named lacks EDNS.

Looks like HE has some upgrading to do....

kasperd

« Reply #2 on: December 16, 2011, 03:13:13 PM »

I don't know if it is related, but I frequently see timeouts when trying to query 74.82.42.42. If I use 2001:470:20::2, it responds immediately.

realdreams

« Reply #3 on: October 14, 2012, 06:03:20 PM »

I guess this is probably to prevent abuse...
EDNS can be used for reflection DDoS attacks.