Generated: 2017-07-23T00:00:12Z -- 2017-07-26T11:58:22Z

Disclaimer:

The following report was generated automatically. Packet loss and network issues may have introduced false positives. Please verify the results before taking action.
You can report issues with this report to: marka@isc.org

Why you should care:

Most recursive resolvers now support EDNS. Lack of EDNS support in authoritative servers results in additional queries being made as the recursive servers need to retry with plain DNS and results in slower DNS resolution.

Not answering EDNS queries is particularly bad as that is indistingishable from packet loss.

Incorrect EDNS behaviour when presented with unknown EDNS versions and EDNS options can result in DNS resolution failures and/or DNSSEC validation failures.

Failure to run fully EDNS compliant nameservers will make it hard to deploy developments like DNS COOKIES which provides mitigation against DNS amplification attacks, off path spoofing resistance, RRL advoidance and excessive resource usage.

Codes

ok - test passed.
badvers - BADVERS returned.
badversion - expected EDNS version not found.
echoed - EDNS option echoed back.
formerr - FORMERR returned.
mbz - EDNS flags echoed back.
nodo - EDNS DO flag not echoed.
noopt - OPT record not found when expected. nosoa - SOA not found when expected.
notimp - NOTIMP returned.
refused - REFUSED returned.
servfail - SERVFAIL returned.
soa - SOA found when not expected.
status - expected status code not found.
toobig - UDP response bigger that advertised buffer size.
version - expected EDNS version not found.
reset - TCP connection reset.
timeout - lookup timed out.

Summary

Of servers that responded at all:
225160 of 228339 (98.61%) responded to a EDNS version 0 query
224600 of 228339 (98.36%) responded to a EDNS unknown option
222335 of 228339 (97.37%) responded to a EDNS unknown flags
219599 of 228339 (96.17%) responded to a EDNS version 1 query
219549 of 228339 (96.15%) responded to a EDNS unknown version and option

218545 of 228339 (95.71%) of nameservers support EDNS
170491 of 218545 (78.01%) EDNS capable servers are all ok
190668 of 218545 (87.24%) EDNS capable servers support unknown EDNS versions
192396 of 218545 (88.03%) EDNS capable servers support unknown EDNS options
211716 of 218545 (96.88%) EDNS capable servers support unknown EDNS flags
171490 of 218545 (78.47%) EDNS capable servers support unknown EDNS version and options
217093 of 218545 (99.34%) EDNS capable servers support DO=1

23570 of 218545 (10.78%) EDNS capable servers return a NSID option
10732 of 218545 (4.91%) EDNS capable servers return a EXPIRE option
17436 of 218545 (7.98%) EDNS capable servers return a SUBNET option
3427 of 218545 (1.57%) EDNS capable servers return a Server EDNS COOKIE option


© 2017 Internet Systems Consortium