[Pdns-users] Erroneous NXDOMAIN from Ebay triggered by EDNS extra info

Peter van Dijk peter.van.dijk at netherlabs.nl
Sat Dec 28 20:57:25 UTC 2013

Hello Steinar,

On Dec 27, 2013, at 14:49 , sthaug at nethelp.no wrote:

>        0x0040:  .......00 0800 0500 0456 6086 8e
> According to RFC 6975, Option code 5 of the OPT RR should be used to
> signal DAU (DNSSEC Algorithm Understood) - however, I doubt that this
> is really what PowerDNS recursor is trying to tell me here. It seems
> more likely that the inclusion of these additional 8 bytes in the
> query is a bug in PowerDNS recursor 3.5.3.

Our usage of option code 5 is for the expired EDNS PING draft. We recommend running with disable-edns-ping now (because of eBay).

eBay's name servers are severely broken -- various non-vanilla aspects of DNS will trigger NXDOMAINs from their name servers. This is a serious bug on their end and we have been working on getting them to fix it (without success, so far).

> Anybody else seen this?
> Full pcap files available on request.

No need to keep them around for us.

Thank you for your very extensive report, we highly appreciate it!

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
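
An added example (not part of the original message and not PowerDNS code): a small Python decoder for the EDNS option bytes at the end of the quoted dump. It shows that they form a single option with code 5 whose 4-byte payload does not look like an RFC 6975 DAU algorithm list. The function names, the algorithm subset and the second sample are assumptions made for illustration.

```python
import struct

# Subset of IANA DNSSEC algorithm numbers (assumed sufficient for a sanity check).
COMMON_DNSSEC_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
                      10: "RSASHA512", 13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384"}

def parse_edns_options(rdata: bytes):
    """Split OPT RDATA into (code, data) pairs (RFC 6891 section 6.1.2)."""
    options, offset = [], 0
    while offset < len(rdata):
        if len(rdata) - offset < 4:
            raise ValueError("truncated option header at offset %d" % offset)
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if offset + length > len(rdata):
            raise ValueError("option %d claims %d bytes, only %d left"
                             % (code, length, len(rdata) - offset))
        options.append((code, rdata[offset:offset + length]))
        offset += length
    return options

def plausible_dau(data: bytes) -> bool:
    """A DAU payload (RFC 6975) is a list of one-byte algorithm numbers."""
    return len(data) > 0 and all(b in COMMON_DNSSEC_ALGS for b in data)

def describe(rdata: bytes):
    """Return (code, hex payload, verdict) for every option in the RDATA."""
    report = []
    for code, data in parse_edns_options(rdata):
        if code == 5:
            verdict = "DAU" if plausible_dau(data) else "code 5, not a plausible DAU list"
        else:
            verdict = "code %d" % code
        report.append((code, data.hex(), verdict))
    return report

# The 8 RDATA bytes visible at the end of the quoted dump (after RDLEN 0x0008).
QUOTED_RDATA = bytes.fromhex("000500045660868e")
# Constructed contrast case: a DAU option listing algorithms 8 and 13.
CONSTRUCTED_DAU = bytes.fromhex("00050002080d")

if __name__ == "__main__":
    for name, rdata in (("quoted", QUOTED_RDATA), ("constructed", CONSTRUCTED_DAU)):
        print(name, describe(rdata))
```

The byte values alone cannot say which draft a sender had in mind; the check only shows that the payload is inconsistent with the registered meaning of option code 5.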
