dnsimple/erldns

EDNS issues reported

aeden opened this issue · 1 comments

aeden commented

Your nameservers are returning cached results without paying attention to EDNS options, EDNS version or EDNS flags in present in the query which should be eliciting different results. Additionally your servers are incorrectly echoing unknown EDNS options leading to DNS COOKIE mismatches (RFC 7873).

If the server behind the cache correctly implemented EDNS this would be less of a issue as it would be ignoring unknown EDNS options and EDNS flags and presenting similar answers independent of the EDNS options and flags in the query (RFC 6891). The cache needs to be EDNS version aware so it can correctly perform EDNS version negotiation.

The DNS can only work correctly if both DNS clients and DNS servers follow the DNS protocol. Please contact your DNS vendor for a fix.

Mark

% dig careerhub.com.au. @50.31.242.53 soa +edns=1 +noednsneg ; dig careerhub.com.au. @50.31.242.53 soa
;; Warning: Client COOKIE mismatch

; <<>> DiG 9.11.0a3 <<>> careerhub.com.au. @50.31.242.53 soa +edns=1 +noednsneg
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13189
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 34e53df9ea31e66a (bad)
;; QUESTION SECTION:
;careerhub.com.au.              IN      SOA

;; ANSWER SECTION:
careerhub.com.au.       3600    IN      SOA     ns1.careerhub.com.au. admin.dnsimple.com. 1438314364 86400 7200 604800 300

;; Query time: 184 msec
;; SERVER: 50.31.242.53#53(50.31.242.53)
;; WHEN: Fri Jun 24 11:30:24 EST 2016
;; MSG SIZE  rcvd: 115

;; Warning: Client COOKIE mismatch

; <<>> DiG 9.11.0a3 <<>> careerhub.com.au. @50.31.242.53 soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25504
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 1, flags:; udp: 4096
; COOKIE: 4448cbf37dd43b07 (bad)
;; QUESTION SECTION:
;careerhub.com.au.              IN      SOA

;; ANSWER SECTION:
careerhub.com.au.       3600    IN      SOA     ns1.careerhub.com.au. admin.dnsimple.com. 1438314364 86400 7200 604800 300

;; Query time: 182 msec
;; SERVER: 50.31.242.53#53(50.31.242.53)
;; WHEN: Fri Jun 24 11:30:24 EST 2016
;; MSG SIZE  rcvd: 115
aeden commented

I cannot reproduce.