Oct 3 – 5, 2015
Fairmont Queen Elizabeth
US/Eastern timezone

Impact of unknown EDNS options on the DNS

Oct 3, 2015, 4:30 PM
St-Francois (Fairmont Queen Elizabeth)


Fairmont Queen Elizabeth

900 René-Lévesque Blvd W Montreal, QC H3B 4A5 Canada
Lightning Presentations Public Workshop


Victoria Risk (ISC)


The EDNS (Extension mechanisms for DNS) protocol allows us to add new features to DNS that were not envisioned when DNS was originally specified. DNSSEC, Client-subnet Identifier and DNS cookies are applications that use EDNS. It appears from ISC's testing that a significant percentage of sites that support EDNS do not respond well to unknown EDNS options. The failure mode can be as severe as disabling EDNS (breaking DNSSEC). We are reluctant to encourage the use of new EDNS options until there is better tolerance for unknown EDNS options in the DNS. We would like to raise awareness of the issue, and find out what the community thinks we should do to address it. This presentation will review the [results of our testing][1] and the current EDNS failure modes we see, and explain how to [test your own site][2] for compliance.

[1]: http://ednscomp.isc.org/
[2]: http://ednscomp.isc.org/ednscomp
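
The kind of check the abstract describes, as an added example (this is not ISC's ednscomp code): build a query carrying one unknown EDNS option and classify a reply against RFC 6891, which requires unknown options to be ignored. The option code 65001, the function names and the result labels are assumptions chosen for illustration.

```python
import struct

UNKNOWN_OPT = 65001  # assumption: unassigned code from the local/experimental range

def build_query(name, qid=0x1234, opt_code=UNKNOWN_OPT, opt_data=b""):
    """SOA query whose OPT pseudo-RR carries one EDNS option the server won't know."""
    labels = [l.encode() for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\0"
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1)        # QDCOUNT=1, ARCOUNT=1
    rdata = struct.pack("!2H", opt_code, len(opt_data)) + opt_data
    # OPT RR: root owner, TYPE 41, CLASS = UDP size, TTL = ext-rcode/version/flags
    opt_rr = b"\0" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!2H", 6, 1) + opt_rr

def _skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:            # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)                    # pointer = 2 bytes, root = 1

def classify(resp, opt_code=UNKNOWN_OPT):
    """Label a reply to build_query(); labels are this example's own."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", resp[:12])
    off, opt = 12, None
    for _ in range(qd):
        off = _skip_name(resp, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(resp, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 41:
            opt = (ttl, resp[off:off + rdlen])
        off += rdlen
    # Full RCODE = 4 header bits plus 8 extended bits from the OPT TTL
    rcode = (flags & 0xF) | (((opt[0] >> 24) << 4) if opt else 0)
    if rcode:
        return f"rcode-{rcode}"                            # 1 = FORMERR, 16 = BADVERS
    if opt is None:
        return "edns-dropped"                              # reply carries no OPT RR
    i, rdata = 0, opt[1]
    while i + 4 <= len(rdata):
        code, length = struct.unpack("!2H", rdata[i:i + 4])
        if code == opt_code:
            return "option-echoed"                         # option was not ignored
        i += 4 + length
    return "ok"

if __name__ == "__main__":
    q = build_query("example.com")
    # Constructed reply (not captured traffic): the query sent back with QR=1
    print(classify(q[:2] + b"\x80\x00" + q[4:]))           # option-echoed
```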
Please also consider this submission for the NANOG65 DNS track: Yes
