Author Topic: How to update BIND for EDNS?  (Read 7486 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to update BIND for EDNS?
« on: January 24, 2019, 09:07:54 AM »
my system:
CentOS release 6.9 (Final)
version.bind. «9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5


EDNS say: failure to address issues identified here may make
(ns01.freenom.com.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid (aws2)


Warning: failure to address issues identified here may make
future DNS extensions that you want to use ineffective. In
particular echoing back unknown EDNS options and unknown
EDNS flags will break future signaling between DNS client
and DNS server. We already have examples of this where you
cannot depend on the AD flag bit meaning anything in
replies because too many DNS servers just echo it back.
Similarly the EDNS Client Subnet (ECS) option cannot just be
sent to everyone in part because of servers just echoing
it back.
EDNS - Unknown Version Handling (edns1)
dig +nocookie +norec +noad +edns=1 +noednsneg soa zone @server
expect: BADVERS
expect: OPT record with version set to 0
expect: not to see SOA
See RFC6891, 6.1.3. OPT Record TTL Field Use

EDNS - Unknown Version with Unknown Option Handling (edns1opt)
dig +nocookie +norec +noad +edns=1 +noednsneg +ednsopt=100 soa
zone @server expect: BADVERS
expect: OPT record with version set to 0
expect: not to see SOA
expect: that the option will not be present in response

Offline
***
Re: How to update BIND for EDNS?
« Reply #1 on: January 27, 2019, 06:20:28 PM »
"Bind" or just "dig"..?

To compile dig with EDNS client-subnet support:

https://www.gsic.uva.es/~jnisigl/dig-edns-client-subnet.html

Regards,
Netino

Offline
*
Re: How to update BIND for EDNS?
« Reply #2 on: January 27, 2019, 07:25:47 PM »
yum update bind
not better?

Offline
***
Re: How to update BIND for EDNS?
« Reply #3 on: January 27, 2019, 07:30:20 PM »
You would need to find an repository, distributing binaries complied to CentOS.
The default is not compiled with EDNS support.