Maintained by: NLnet Labs

[Unbound-users] Unbound rejects queries with unknown data in additional section

Alexander E. Patrakov
Fri Jan 11 11:29:33 CET 2013


2013/1/11 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
> Hi Alexander,

> This is not going to work, even if I fix unbound to be more lenient.
> It is not going to be compatible with other software, in general.

Well, just for avoiding misunderstandings - the queries with the
user-tracking record are in fact not supposed to hit unbound. They are
only supposed to hit our proprietary recursive DNS server. But in fact
they do hit unbound if an ISP redirects all DNS traffic to his unbound
servers.

> Your reference to Wikipedia does not say that DNS servers ignore stuff
> in the additional section, and that is why EDNS must be backwards
> compatible (does not reply with EDNS OPT unless used in the query).

Quote from the Mechanism section: "The mechanism is backward
compatible, because older DNS responders ignore any RR of the unknown
OPT type in a request".

> EDNS is defined in RFC 2671.  This RFC says that it is accepted
> behaviour to signal non-support for a query with OPT with a FORMERR
> response and that this behaviour is supposed to be handled by
> requestors.  I was not around in the IETF at the time of the EDNS OPT
> standardization, but they certainly did not count on servers ignoring
> the OPT record.

Thanks for correcting me.

-- 
Alexander E. Patrakov
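
The requestor-side handling that the quoted RFC 2671 point refers to, as an added example that is not part of the original message: send the query with an OPT record, and if the answer is FORMERR, repeat it without OPT. The `responder` function is a constructed stand-in for a server, not unbound's code, and all names and sample values here are assumptions.

```python
import struct

FORMERR = 1                      # RCODE 1: format error
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    # Wire format: length-prefixed labels, terminated by a zero byte.
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(qid, name, edns, udp_size=4096):
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT.
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    if edns:
        # OPT pseudo-RR in the additional section: root name, TYPE 41,
        # CLASS = UDP payload size, TTL = ext-rcode/version/flags, RDLEN 0.
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)
    return msg

def parse_header(msg):
    qid, flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": flags >> 15, "rcode": flags & 0xF, "arcount": ar}

def exchange(send, qid, name, edns):
    # One query/response round trip with basic response validation.
    hdr_and_resp = send(build_query(qid, name, edns))
    hdr = parse_header(hdr_and_resp)
    if hdr["id"] != qid or hdr["qr"] != 1:
        raise ValueError("response does not match query")
    return hdr, hdr_and_resp

def resolve(name, send, qid=0x1234):
    # Try EDNS first; a FORMERR is treated as "OPT not supported here".
    hdr, resp = exchange(send, qid, name, edns=True)
    if hdr["rcode"] != FORMERR:
        return resp, True
    hdr, resp = exchange(send, qid, name, edns=False)
    return resp, False

def responder(query, supports_opt):
    # Constructed stand-in server: without OPT support it answers FORMERR
    # to any query carrying additional records. Replies echo the question
    # only (a real EDNS responder would add its own OPT).
    hdr = parse_header(query)
    rcode = FORMERR if (hdr["arcount"] and not supports_opt) else 0
    q_end = query.index(b"\x00", 12) + 5      # name terminator + QTYPE/QCLASS
    head = struct.pack("!HHHHHH", hdr["id"], 0x8180 | rcode, 1, 0, 0, 0)
    return head + query[12:q_end]
```
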