In article <42887A19.2010701@tls.msk.ru> you write:
Noticied today. All Verisign's GTLD servers broke EDNS0 (RFC2671). Here's how it looks like:
query:
$ dnsget -t mx -vv microsoft.net. -n 192.5.6.30 ;; trying microsoft.net. ;; sending 42 bytes query to 192.5.6.30 port 53 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64471, size: 42 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION (1): ;microsoft.net. IN MX
;; ADDITIONAL section (1): ;EDNS0 OPT record (UDPsize: 4096): 0 bytes
Note the EDNS0 stuff (numar=1). And here's the reply to this query:
;; received 12 bytes response from 192.5.6.30 port 53 ;; unexpected number of entries in QUERY section: 0 ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 64471, size: 12 ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION (0): ; invalid query section
They're returning FORMERR (which is wrong), *and* don't return the original query (numqd=0).
Without EDNS0 extensions, it works like expected.
/mjt
This is the expected response from a server that doesn't understand EDNS. If you can't parse the original query, which is what FORMERR indicates, then the only thing you can safely send back is the DNS header. Mark