[ProgClub programming] EDNS UDP packet size

Justin Steward althalus87 at gmail.com
Sun Feb 26 11:05:03 EST 2012


On Sun, Feb 26, 2012 at 8:26 AM, John Elliot <jj5 at progclub.org> wrote:
> I'm seeing a whole heap of lines like this in our bind logs:
>
> success resolving 'z.arin.net/AAAA' (in 'arin.net'?) after reducing the
> advertised EDNS UDP packet size to 512 octets
>
> A whole heap of lines. (Some from the ProgSoc servers too if memory
> serves.) If you're on the ProgClub admin list you might have noticed
> them in the logwatch reports too. (Don't know if anyone apart from me
> reads those?) I'd rather not have those lines in our logs if I could
> avoid it, so perhaps there is some way of globally configuring this
> so-called "EDNS UDP packet size" as 512 bytes all the time?
>
> Just wondering if anyone knows what to do about this (perhaps nothing?)
> off the top of their head (especially Justin, our resident DNS expert. :)

EDNS exists to allow DNS packets that are bigger than 512 bytes.
Firewalls / NATs often aren't prepared for this, breaking EDNS.

So basically, find the broken firewall and fix it. If that fails, turn
off EDNS by adding this to the end of named.conf.options:

    server ::/0 {
        edns no;
    };

    server 0.0.0.0/0 {
        edns no;
    };

~Justin
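Added here as an illustration, not code from Justin's post or from BIND: a small Python script that builds a DNS query with an EDNS0 OPT record (RFC 6891) advertising a chosen UDP payload size, parses the reply's TC bit and OPT record, and can send the query to a resolver, so you can compare a 4096-byte and a 512-byte query against the same server and see whether only the larger replies go missing, which is the situation BIND's log line describes. The function names, the z.arin.net default and the 3 second timeout are my own choices.

```python
import socket
import struct

def build_query(name, qtype=28, udp_size=4096, txid=0x1234):
    """DNS query (qtype 28 = AAAA). If udp_size is set, append an EDNS0 OPT
    pseudo-RR (RFC 6891) advertising it; None gives a plain 512-byte-era query."""
    labels = [l.encode() for l in name.strip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if udp_size else 0)
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    opt = b""
    if udp_size:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = 0, RDLEN 0
        opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt

def _skip_name(data, off):
    """Advance past a (possibly compressed) domain name starting at off."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer, two bytes in total
            return off + 2
        off += 1 + length

def parse_response(data):
    """Return (rcode, truncated, edns_size); edns_size None means no OPT RR."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", data, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # QTYPE + QCLASS
    edns_size = None
    for _ in range(an + ns + ar):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10 + rdlen
        if rtype == 41:
            edns_size = rclass  # responder's advertised UDP payload size
    return flags & 0x000F, bool(flags & 0x0200), edns_size

def probe(server, name="z.arin.net", udp_size=4096, timeout=3.0):
    """One UDP round trip; None on timeout, which is what a firewall silently
    dropping an oversized EDNS reply looks like from the resolver's side."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, udp_size=udp_size), (server, 53))
        try:
            return parse_response(sock.recv(udp_size or 512))
        except socket.timeout:
            return None
```

If probe(ns, udp_size=4096) times out while probe(ns, udp_size=512) answers, something between you and that server is dropping the larger UDP replies, which is the firewall Justin suggests fixing.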
