In message <20120216.130143.74691634.sthaug@nethelp.no>, sthaug@nethelp.no writes:
If you want to know if your resolver talks IPv6 to the world and supports 4096 EDNS UDP messages the following query will tell you.
dig edns-v6-ok.isc.org txt
Similarly for IPv4.
dig edns-v4-ok.isc.org txt
Both PowerDNS recursor 3.3 and Nominum CNS 3.0.5 have problems with these queries. They both get the TC answer from 149.20.64.58 / 2001:4f8:0:2::8. Then:
I stated very clearly the conditions under which the queries would resolve.
- CNS tries with 4000 EDNS UDP size (4000 is the CNS documented max UDP size), gets another TC.
- PowerDNS doesn't try to use EDNS at all.
Then they both try TCP and get a RST. And then they return SERVFAIL.
Correct. Those servers are deliberately configured to not answer TCP as they are for testing the EDNS UDP path. They also put out an answer that will exactly fill a 4096 byte EDNS UDP message which is the default and largest EDNS UDP size advertised by named. This allows someone running named to test their firewall configuration to ensure that it will let through any EDNS UDP reply, size wise, that can occur. As IPv4 and IPv6 are often configured independently we provide a way to test each independently.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
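
The EDNS behaviour discussed in this thread, as an added example that is not part of the original messages: it builds the TXT query with an OPT record advertising a given UDP size, reads that size back, and classifies the outcome against a 4096-byte UDP-only test server. The function names and the outcome labels are assumptions made for illustration.

```python
import struct

TEST_SIZE = 4096  # reply size the thread says the test servers emit

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, udp_size=TEST_SIZE, qtype=16, txid=0x1234):
    """Build a TXT query; udp_size=None omits the OPT record (no EDNS)."""
    arcount = 0 if udp_size is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD set
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)       # class IN
    if udp_size is not None:
        # OPT pseudo-RR: root name, TYPE 41, CLASS carries the UDP size,
        # TTL (extended rcode/version/flags) 0, RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return msg

def advertised_size(query):
    """Return the EDNS UDP size a query advertises, or None without OPT.
    Assumes one question and uncompressed names, as build_query produces."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos]:               # skip QNAME labels
        pos += query[pos] + 1
    pos += 1 + 4                    # root label, QTYPE, QCLASS
    for _ in range(arcount):
        while query[pos]:           # skip the record's owner name
            pos += query[pos] + 1
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos + 1:pos + 11])
        if rtype == 41:
            return rclass
        pos += 11 + rdlen
    return None

def diagnose(query, reply):
    """Classify a test outcome; reply is the UDP answer bytes or None (timeout)."""
    size = advertised_size(query)
    if size is None or size < TEST_SIZE:
        return "too-small"   # TC expected; the TCP retry is refused, so SERVFAIL
    if reply is None:
        return "path-drop"   # large UDP reply lost between server and resolver
    tc = struct.unpack("!H", reply[2:4])[0] & 0x0200
    return "truncated" if tc else "ok"
```
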