Speaker
victoria risk
(isc)
Description
The EDNS (Extension mechanisms for DNS) protocol allows us to add new features to DNS that were not envisioned when DNS was originally specified. DNSSEC, Client-subnet Identifier and DNS cookies are applications that use EDNS.
It appears from ISC's testing that a significant percentage of sites that support EDNS do not respond well to unknown EDNS options. The failure mode can be as severe as disabling EDNS (breaking DNSSEC). We are reluctant to encourage the use of new EDNS options until there is better tolerance for unknown EDNS options in the DNS. We would like to raise awareness of the issue, and find out what the community thinks we should do to address it.
This presentation will review the [results of our testing][1] and the current EDNS failure modes we see, and explain how to [test your own site][2] for compliance.
[1]: http://ednscomp.isc.org/
[2]: http://ednscomp.isc.org/ednscomp
Please also consider this submission for the NANOG65 DNS track | Yes |
---|
Primary author
victoria risk
(isc)