Generated: 2017-06-25T00:00:00Z -- 2017-06-25T00:04:37Z

Disclaimer:

The following report was generated automatically. Packet loss and network issues may have introduced false positives. Please verify the results before taking action.
You can report issues with this report to: marka@isc.org

Why you should care:

Most recursive resolvers now support EDNS. Lack of EDNS support in authoritative servers results in additional queries being made as the recursive servers need to retry with plain DNS and results in slower DNS resolution.

Not answering EDNS queries is particularly bad as that is indistingishable from packet loss.

Incorrect EDNS behaviour when presented with unknown EDNS versions and EDNS options can result in DNS resolution failures and/or DNSSEC validation failures.

Failure to run fully EDNS compliant nameservers will make it hard to deploy developments like DNS COOKIES which provides mitigation against DNS amplification attacks, off path spoofing resistance, RRL advoidance and excessive resource usage.

Codes

ok - test passed.
badvers - BADVERS returned.
badversion - expected EDNS version not found.
echoed - EDNS option echoed back.
formerr - FORMERR returned.
mbz - EDNS flags echoed back.
nodo - EDNS DO flag not echoed.
noopt - OPT record not found when expected. nosoa - SOA not found when expected.
notimp - NOTIMP returned.
refused - REFUSED returned.
servfail - SERVFAIL returned.
soa - SOA found when not expected.
status - expected status code not found.
toobig - UDP response bigger that advertised buffer size.
version - expected EDNS version not found.
reset - TCP connection reset.
timeout - lookup timed out.

Summary

Of servers that responded at all:
7105 of 7133 (99.61%) responded to a EDNS version 0 query
7105 of 7133 (99.61%) responded to a EDNS unknown option
7098 of 7133 (99.51%) responded to a EDNS unknown flags
7091 of 7133 (99.41%) responded to a EDNS version 1 query
7091 of 7133 (99.41%) responded to a EDNS unknown version and option

7107 of 7133 (99.64%) of nameservers support EDNS
7053 of 7107 (99.24%) EDNS capable servers are all ok
7080 of 7107 (99.62%) EDNS capable servers support unknown EDNS versions
7100 of 7107 (99.90%) EDNS capable servers support unknown EDNS options
7095 of 7107 (99.83%) EDNS capable servers support unknown EDNS flags
7080 of 7107 (99.62%) EDNS capable servers support unknown EDNS version and options
7100 of 7107 (99.90%) EDNS capable servers support DO=1

3114 of 7107 (43.82%) EDNS capable servers return a NSID option
805 of 7107 (11.33%) EDNS capable servers return a EXPIRE option
70 of 7107 (0.98%) EDNS capable servers return a SUBNET option
230 of 7107 (3.24%) EDNS capable servers return a Server EDNS COOKIE option

Details:

No Addresses Records Found (10/13739)

gw. ns4.dns.pt: no address records found (NXDOMAIN)
nr. ns1.net.reach.com: address lookups failed
td. ns1.nic.td: no address records found (NXDOMAIN)
xn--fzc2c9e2c. ns3.ac.lk: no address records found (NXDOMAIN)
xn--mgba3a4f16a. ns.irnic.ir: no address records found (NXDOMAIN)
xn--mgbc0a9azcg. hariss.anrt.ma: no address records found (NXDOMAIN)
xn--p1acf. tld1.coccaregistry.org: no address records found
xn--xkc2al3hye2a. ns3.ac.lk: no address records found (NXDOMAIN)
xn--ygbi2ammx. idn.pnina.ps: no address records found (NXDOMAIN)
zw. ns3.telone.co.zw: no address records found (NXDOMAIN)

DNS lookup of zone SOA failed (87/13739)

(dig +noedns +norec soa $zone @$server)
expect: status: NOERROR
expect: SOA record

ao. @2c0f:f828:2::b (ns02.dns.ao.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
at. @2a02:568:20:1::d (d.ns.at.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
az. @2a00:1c88:d01:15::8 (ns.demos.su.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
az. @2a00:1c88:d01:15::9 (ns.demos.su.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
bd. @2407:5000:88:5::3 (dns.bd.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
bf. @193.50.53.3 (ns1.ird.fr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
cd. @2c0e:2001:4000:1::c419:109 (sangoma.saix.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
cf. @2a04:1b00:4::1 (a.ns.cf.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
cf. @2a04:1b00:6::1 (c.ns.cf.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
cf. @2a04:1b00:7::1 (d.ns.cf.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ci. @193.50.53.3 (ns1.ird.fr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
cm. @193.0.9.68 (cm.cctld.authdns.ripe.net.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid signed=refused ednstcp=refused
cm. @2001:67c:e0::68 (cm.cctld.authdns.ripe.net.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid signed=refused ednstcp=refused
cv. @204.152.184.64 (ns-ext.isc.org.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=formerr signed=servfail ednstcp=servfail
cv. @2001:4f8:0:2::13 (ns-ext.isc.org.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=formerr signed=servfail ednstcp=servfail
cw. @198.93.177.21 (ns1.uoc.cw.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=connection-refused
dj. @194.51.3.49 (bow.rain.fr.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
dz. @2001:4340:1030:2::2 (ns1.nic.dz.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
et. @193.0.9.73 (et.cctld.authdns.ripe.net.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid signed=refused ednstcp=refused
et. @2001:67c:e0::73 (et.cctld.authdns.ripe.net.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid signed=refused ednstcp=refused
fj. @2001:dd8:0:1:21d:9ff:fe6d:d5cf (manu.usp.ac.fj.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
fj. @2001:dd8:0:1:20c:29ff:fe9e:3eec (teri.usp.ac.fj.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
fj. @128.32.136.3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fj. @2607:f140:ffff:fffe::3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fj. @128.32.136.14 (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fj. @2607:f140:ffff:fffe::e (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fk. @141.1.27.251 (euro-ns3.cw.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=failed
ga. @2a04:1b00:c::1 (a.ns.ga.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ga. @2a04:1b00:e::1 (c.ns.ga.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ga. @2a04:1b00:f::1 (d.ns.ga.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
gq. @2a04:1b00:10::1 (a.ns.gq.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
gq. @2a04:1b00:12::1 (c.ns.gq.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
gq. @2a04:1b00:13::1 (d.ns.gq.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
il. @2a02:568:ffff:8::53 (nsg.ns.il.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
iq. @194.117.57.100 (ns1.cmc.iq.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
jm. @200.9.115.2 (ns.utechjamaica.edu.jm.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
jo. @193.188.69.19 (jordan1st.nic.gov.jo.): dns=noaa edns=noaa edns1=ok edns@512=noaa ednsopt=noaa edns1opt=ok do=noaa ednsflags=noaa optlist=noaa signed=noaa ednstcp=noaa
ki. @2001:500:90::87 (ki1.dyntld.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ki. @2001:500:94::87 (ki3.dyntld.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
km. @196.216.168.46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
km. @2001:43f8:120::46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
kr. @202.31.190.1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
kr. @2001:dc5:a::1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=connection-refused
kw. @168.187.5.12 (kwns.kems.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=connection-refused
mh. @2405:400:0:2::33 (ns.ntamar.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ml. @2a04:1b00::1 (a.ns.ml.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ml. @2a04:1b00:1::1 (b.ns.ml.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ml. @2a04:1b00:2::1 (c.ns.ml.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ml. @2a04:1b00:3::1 (d.ns.ml.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=ok,nsid signed=timeout ednstcp=ok
mr. @82.151.64.1 (ns.univ-nkc.mr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ms. @128.223.32.35 (phloem.uoregon.edu.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
ms. @2001:468:d01:20::80df:2023 (phloem.uoregon.edu.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
ms. @199.7.90.2 (mnidns1.mninet.ms.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ne. @194.51.3.49 (bow.rain.fr.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
ne. @196.216.168.45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
ne. @2001:43f8:120::45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
ni. @163.178.8.2 (ns.cr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
ni. @200.62.64.1 (ns.tmx.com.ni.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
samsung. @202.31.190.1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
samsung. @2001:dc5:a::1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=connection-refused
sd. @196.29.180.14 (ans1.canar.sd.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
sd. @196.29.164.14 (ans2.canar.sd.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=ok
td. @196.216.168.31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
td. @2001:43f8:120::31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
tg. @188.165.33.42 (ns5.admin.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
tg. @2001:41d0:8:5c79::3 (ns5.admin.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
vu. @203.119.43.53 (anytld.apnic.net.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=timeout
vu. @2001:dd8:12::53 (anytld.apnic.net.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
xn--3e0b707e. @202.31.190.1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--3e0b707e. @2001:dc5:a::1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=connection-refused
xn--54b7fta0cc. @2407:5000:88:2::3 (bayanno.btcl.net.bd.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--54b7fta0cc. @2407:5000:88:1::2 (ekushey.btcl.net.bd.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--cg4bki. @202.31.190.1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--cg4bki. @2001:dc5:a::1 (g.dns.kr.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=connection-refused
xn--j1amh. @212.1.66.247 (nsi.uanic.net.): dns=servfail edns=servfail edns1=ok edns@512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
xn--j1amh. @2607:5300:60:2e43::5 (dns1.u-registry.com.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--j1amh. @2001:41d0:a:2b1f::1 (dns3.dotukr.com.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--lgbbat1ad8j. @193.194.64.243 (idn1.nic.dz.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=ok
xn--lgbbat1ad8j. @2001:4340:1030:2::4 (idn1.nic.dz.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--mgbayh7gpa. @193.188.69.19 (jordan1st.nic.gov.jo.): dns=nosoa,noaa edns=nosoa,noaa edns1=ok edns@512=noaa ednsopt=nosoa,noaa edns1opt=ok do=nosoa,noaa ednsflags=nosoa,noaa optlist=nosoa,noaa signed=nosoa,noaa ednstcp=noaa
xn--mgbc0a9azcg. @81.192.21.41 (dns2.menara.ma.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
xn--mgbc0a9azcg. @81.192.21.73 (dns3.menara.ma.): dns=refused edns=refused edns1=ok edns@512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
xn--mgbtx2b. @194.117.57.100 (ns1.cmc.iq.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--node. @2a04:1b00:8::4 (a.xn--node.globalanycastcloud.freenom.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--node. @2a04:1b00:a::4 (c.xn--node.globalanycastcloud.freenom.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--node. @2a04:1b00:b::4 (d.xn--node.globalanycastcloud.freenom.net.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout
xn--wgbh1c. @81.10.38.11 (ns3.dotmasr.eg.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout signed=timeout ednstcp=failed

EDNS not supported (4/13739)

(dig +edns +norec soa $zone @$server)
expect: status: NOERROR
expect: SOA record to be present
expect: OPT record to be present
expect: EDNS Version 0 in response
See RFC6891

If you do not wish to support EDNS you should still respond to the query. You can ignore the OPT record and respond to the query as if the OPT record was not present or you can respond with one of the error codes: FORMERR or NOTIMP.

im. @217.23.163.140 (hoppy.iom.com.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
im. @217.23.160.50 (barney.advsys.co.uk.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
im. @80.168.83.242 (pebbles.iom.com.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
ye. @195.94.0.34 (sah1.ye.): dns=ok edns=formerr,noopt edns1=formerr,noopt edns@512=formerr,noopt ednsopt=formerr,noopt edns1opt=formerr,noopt do=formerr,noopt ednsflags=formerr,noopt optlist=formerr,noopt signed=formerr,noopt ednstcp=formerr,noopt

EDNS(0) version not handled correctly (16/13633)

(dig +edns +norec soa $zone @$server)
expect: status: NOERROR
expect: SOA record to be present
expect: OPT record to be present
expect: EDNS Version 0 in response
See RFC6891

cf. @2a04:1b00:5::1 (b.ns.cf.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
kr. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
samsung. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
si. @194.146.106.62 (f.dns.si.): dns=timeout edns=timeout edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
si. @2001:67c:1010:15::53 (f.dns.si.): dns=timeout edns=timeout edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
sncf. @194.146.106.46 (f.ext.nic.fr.): dns=timeout edns=timeout edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
sncf. @2001:67c:1010:11::53 (f.ext.nic.fr.): dns=timeout edns=timeout edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
tm. @91.208.95.22 (ns-y1.tm.): dns=timeout edns=timeout edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
tm. @2001:470:1f07:d0b::22 (ns-y1.tm.): dns=timeout edns=timeout edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
vn. @2001:dc8:d000:2::105 (f.dns-servers.vn.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,expire signed=ok,yes ednstcp=ok
xn--3e0b707e. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--cg4bki. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok

Unknown EDNS version not handled correctly (33/13633)

(dig +edns=1 +norec soa $zone @$server)
expect: status: BADVERS
expect: SOA record to NOT be present
expect: OPT record to be present
expect: EDNS Version 0 in response
See RFC6891, 6.1.3. OPT Record TTL Field Use

Timeouts on this test and edns1opt and possibly ednsflags indicate a badly configured firewall that is dropping packets just because the EDNS version is not zero. This breaks EDNS version negotiation. There is no known security flaw that will be triggers by allowing these packets through to the server.

cf. @2a04:1b00:5::1 (b.ns.cf.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
ge. @212.72.130.11 (ns.nic.ge.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
kp. @175.45.176.15 (ns1.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kp. @175.45.176.16 (ns2.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kr. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
kw. @161.252.48.140 (dns1.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.150 (dns2.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.145 (dns3.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
lb. @193.188.128.14 (zeina.aub.edu.lb.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok,expire,cookie,subnet signed=ok,yes ednstcp=ok
md. @217.26.144.15 (nsb.dns.md.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok ednstcp=ok
md. @217.26.144.5 (ns-int.dns.md.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok ednstcp=ok
mp. @202.128.29.2 (ns1.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @202.128.29.135 (ns2.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @75.101.129.89 (ns3.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @75.101.133.101 (ns4.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
np. @202.52.255.5 (shikhar.mos.com.np.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
ps. @213.244.82.147 (dns1.gov.ps.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok
sa. @86.111.192.9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
sa. @2001:67c:130:410::9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
samsung. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
vn. @203.119.73.105 (b.dns-servers.vn.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
vn. @2001:dc8:1:2::105 (b.dns-servers.vn.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
vn. @2001:dc8:d000:2::105 (f.dns-servers.vn.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,expire signed=ok,yes ednstcp=ok
vu. @202.80.32.9 (ns1-cctld.vunic.vu.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
xn--3e0b707e. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--cg4bki. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--mgberp4a5d4ar. @86.111.192.9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
xn--mgberp4a5d4ar. @2001:67c:130:410::9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
xn--ygbi2ammx. @213.244.82.147 (dns1.gov.ps.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok

OPT not included in truncated response (13/13633)

(dig +edns +dnssec +bufsize=512 +norec +ignore dnskey $zone @$server)
expect: status: NOERROR
expect: OPT record to be present
expect: UDP DNS message size to be less than or equal to 512 bytes
See RFC6891, 7. Transport Considerations

This test requires that there be a signed DNSKEY RRset at the zone apex to trigger truncation for the test to be valid. Errors may be under reported as a result.

timeout and notimp may be due to mishandling of DNSKEY by the nameserver.

cf. @2a04:1b00:5::1 (b.ns.cf.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
int. @128.16.5.32 (ns1.cs.ucl.ac.uk.): dns=ok edns=ok edns1=ok edns@512=noaa ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok signed=ok ednstcp=ok
kp. @175.45.176.15 (ns1.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kp. @175.45.176.16 (ns2.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kr. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
samsung. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
vn. @2001:dc8:d000:2::105 (f.dns-servers.vn.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok,expire signed=ok,yes ednstcp=ok
xn--3e0b707e. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--cg4bki. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok

Unknown EDNS options not correctly handled (10/13633)

(dig +ednsopt=100 +norec soa $zone @$server)
expect: status: NOERROR
expect: SOA record to be present
expect: OPT record to be present
expect: OPT=100 to not be present
See RFC6891, 6.1.2 Wire Format

et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
kr. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
samsung. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--3e0b707e. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--cg4bki. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
za. @196.21.79.50 (disa.tenet.ac.za.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=echoed edns1opt=echoed do=ok ednsflags=ok optlist=ok,subnet signed=ok,yes ednstcp=ok
za. @2001:4200:ffff:a::1 (disa.tenet.ac.za.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=echoed edns1opt=echoed do=ok ednsflags=ok optlist=ok,subnet signed=ok,yes ednstcp=ok

Unknown EDNS version + unknown EDNS options not correctly handled (33/13633)

(dig +ednsopt=100 +edns=1 +norec soa $zone @$server)
expect: status: BADVERS
expect: SOA record to NOT be present
expect: OPT record to be present
expect: OPT=100 to not be present
expect: EDNS Version 0 in response
See RFC6891

et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
ge. @212.72.130.11 (ns.nic.ge.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
kp. @175.45.176.15 (ns1.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kp. @175.45.176.16 (ns2.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kr. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
kw. @161.252.48.140 (dns1.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.150 (dns2.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.145 (dns3.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
lb. @193.188.128.14 (zeina.aub.edu.lb.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok,expire,cookie,subnet signed=ok,yes ednstcp=ok
md. @217.26.144.15 (nsb.dns.md.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok ednstcp=ok
md. @217.26.144.5 (ns-int.dns.md.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok ednstcp=ok
mp. @202.128.29.2 (ns1.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @202.128.29.135 (ns2.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @75.101.129.89 (ns3.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @75.101.133.101 (ns4.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
np. @202.52.255.5 (shikhar.mos.com.np.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
ps. @213.244.82.147 (dns1.gov.ps.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok
sa. @86.111.192.9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
sa. @2001:67c:130:410::9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
samsung. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
vn. @203.119.73.105 (b.dns-servers.vn.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
vn. @2001:dc8:1:2::105 (b.dns-servers.vn.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
vu. @202.80.32.9 (ns1-cctld.vunic.vu.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
xn--3e0b707e. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--cg4bki. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--mgberp4a5d4ar. @86.111.192.9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
xn--mgberp4a5d4ar. @2001:67c:130:410::9 (ns1.nic.net.sa.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=timeout signed=ok,yes ednstcp=ok
xn--ygbi2ammx. @213.244.82.147 (dns1.gov.ps.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok
za. @196.21.79.50 (disa.tenet.ac.za.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=echoed edns1opt=echoed do=ok ednsflags=ok optlist=ok,subnet signed=ok,yes ednstcp=ok
za. @2001:4200:ffff:a::1 (disa.tenet.ac.za.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=echoed edns1opt=echoed do=ok ednsflags=ok optlist=ok,subnet signed=ok,yes ednstcp=ok

EDNS + DO=1 not handled correctly (16/13633)

(dig +dnssec +norec soa $zone @$server)
expect: status: NOERROR
expect: SOA record to be present
expect: OPT record to be present
expect: EDNS Version 0 in response
expect: DO flag in response if RRSIG is present in response
See RFC3225

Timeouts on this test (and signed) alone can indicate fragmentation issues at the sender. This would need to be confirmed with more testing.

ad. @2001:660:3006:1::1:1 (ns3.nic.fr.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok,nsid,expire signed=timeout ednstcp=ok
et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
frontdoor. @2001:500:121::30 (ac2.nstld.com.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok signed=timeout ednstcp=ok
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
hu. @2001:660:3005:1::1:2 (ns2.nic.fr.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok,nsid,expire signed=timeout ednstcp=ok
ie. @2001:660:3005:1::1:2 (h.ns.ie.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok,nsid,expire signed=timeout ednstcp=ok
lk. @192.248.8.17 (l.nic.lk.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok signed=timeout ednstcp=ok
nl. @2001:660:3005:1::1:2 (ns-nl.nic.fr.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok,nsid,expire signed=timeout ednstcp=ok
si. @2001:660:3005:1::1:2 (c.dns.si.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok,nsid,expire signed=timeout ednstcp=ok
ua. @216.218.215.27 (he1.ns.ua.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=nodo ednsflags=ok optlist=ok signed=nodo,yes ednstcp=nodo
ua. @2001:470:2e:1::27 (he1.ns.ua.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=nodo ednsflags=ok optlist=ok signed=nodo,yes ednstcp=nodo
xn--fzc2c9e2c. @192.248.8.17 (ns-l.nic.lk.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok signed=timeout ednstcp=ok
xn--pgbs0dh. @2001:660:3005:1::1:2 (ns2.nic.fr.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok,nsid,expire signed=timeout ednstcp=ok
xn--xkc2al3hye2a. @192.248.8.17 (ns-l.nic.lk.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=timeout ednsflags=ok optlist=ok signed=timeout ednstcp=ok

Unknown EDNS flags are not correctly handled (16/13633)

(dig +ednsflags=0x80 +norec soa $zone @$server)
expect: status: NOERROR
expect: SOA record to be present
expect: OPT record to be present
expect: MBZ not to be present
expect: EDNS Version 0 in response
See RFC6891, 6.1.4 Flags

et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
kp. @175.45.176.15 (ns1.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kp. @175.45.176.16 (ns2.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kr. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
kw. @161.252.48.140 (dns1.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.150 (dns2.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.145 (dns3.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
lb. @193.188.128.14 (zeina.aub.edu.lb.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok,expire,cookie,subnet signed=ok,yes ednstcp=ok
ps. @213.244.82.147 (dns1.gov.ps.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok
samsung. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--3e0b707e. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--cg4bki. @202.30.124.100 (e.dns.kr.): dns=ok edns=noopt edns1=timeout edns@512=noopt ednsopt=noopt edns1opt=timeout do=ok ednsflags=noopt optlist=noopt signed=ok,yes ednstcp=ok
xn--ygbi2ammx. @213.244.82.147 (dns1.gov.ps.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok

TCP Not Supported

(dig +norec +edns +dnssec +bufsize=512 +noad +vc dnskey -q $zone @$server)

et. @213.55.64.36 (ns1.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
et. @213.55.64.38 (ns2.telecom.net.et.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.41 (ns1.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
gy. @190.80.0.42 (ns2.gtt.co.gy.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=ok,nsid signed=noopt ednstcp=noopt
kp. @175.45.176.15 (ns1.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kp. @175.45.176.16 (ns2.kptc.kp.): dns=ok edns=ok edns1=timeout edns@512=malformed ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.140 (dns1.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.150 (dns2.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
kw. @161.252.48.145 (dns3.kw.): dns=ok edns=ok edns1=timeout edns@512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=timeout
ua. @216.218.215.27 (he1.ns.ua.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=nodo ednsflags=ok optlist=ok signed=nodo,yes ednstcp=nodo
ua. @2001:470:2e:1::27 (he1.ns.ua.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=nodo ednsflags=ok optlist=ok signed=nodo,yes ednstcp=nodo


© 2017 Internet Systems Consortium