3-5 October 2015
Fairmont Queen Elizabeth
US/Eastern timezone
Home > Timetable > Session details > Contribution details


Fairmont Queen Elizabeth - St-Francois
Lightning Presentations

Impact of unknown EDNS options on the DNS


  • victoria RISK

Primary authors

Abstract content

The EDNS (Extension mechanisms for DNS) protocol allows us to add new features to DNS that were not envisioned when DNS was originally specified. DNSSEC, Client-subnet Identifier and DNS cookies are applications that use EDNS.

It appears from ISC's testing that a significant percentage of sites that support EDNS do not respond well to unknown EDNS options. The failure mode can be as severe as disabling EDNS (breaking DNSSEC). We are reluctant to encourage the use of new EDNS options until there is better tolerance for unknown EDNS options in the DNS. We would like to raise awareness of the issue, and find out what the community thinks we should do to address it.

This presentation will review the results of our testing and the current EDNS failure modes we see, and explain how to test your own site for compliance.

Please also consider this submission for the NANOG65 DNS track