EDNS Compliance Tester

Checking: 'echangesprives.fr' as at 2024-10-11T21:20:14Z

echangesprives.fr. @162.159.24.201 (ns1.dns-parking.com.): dns=ok zflag=ok edns=ok edns1=noerror,badversion edns@512=ok,notc ednsopt=ok edns1opt=noerror,badversion do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (467m11)
echangesprives.fr. @2400:cb00:2049:1::a29f:18c9 (ns1.dns-parking.com.): dns=ok zflag=ok edns=ok edns1=noerror,badversion edns@512=ok,notc ednsopt=ok edns1opt=noerror,badversion do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (467m153)

echangesprives.fr. @162.159.25.42 (ns2.dns-parking.com.): dns=ok zflag=ok edns=ok edns1=noerror,badversion edns@512=ok,notc ednsopt=ok edns1opt=noerror,badversion do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid (467m142)
echangesprives.fr. @2400:cb00:2049:1::a29f:192a (ns2.dns-parking.com.): dns=ok zflag=ok edns=ok edns1=noerror,badversion edns@512=ok,notc ednsopt=ok edns1opt=noerror,badversion do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (4m877)

The Following Tests Failed

Warning: test failures may indicate that some DNS clients cannot resolve the zone or will get a unintended answer or resolution will be slower than necessary.

Warning: failure to address issues identified here may make future DNS extensions that you want to use ineffective. In particular echoing back unknown EDNS options and unknown EDNS flags will break future signaling between DNS client and DNS server. We already have examples of this where you cannot depend on the AD flag bit meaning anything in replies because too many DNS servers just echo it back. Similarly the EDNS Client Subnet (ECS) option cannot just be sent to everyone in part because of servers just echoing it back.

• EDNS - Unknown Version Handling (edns1)

  dig +nocookie +norec +noad +edns=1 +noednsneg soa zone @server
  expect: BADVERS
  expect: OPT record with version set to 0
  expect: not to see SOA
  See RFC6891, 6.1.3. OPT Record TTL Field Use

• EDNS - Unknown Version with Unknown Option Handling (edns1opt)

  dig +nocookie +norec +noad +edns=1 +noednsneg +ednsopt=100 soa zone @server
  expect: BADVERS
  expect: OPT record with version set to 0
  expect: not to see SOA
  expect: that the option will not be present in response
  See RFC6891

Codes

• ok - test passed.
• nsid - NSID supported [RFC5001].
• subnet - EDNS Client Subnet supported [RFC7871].
• noerror - rcode NOERROR returned when not expected.
• badversion - inconsistent EDNS version returned.

To retrieve this report in the future: https://ednscomp.isc.org/ednscomp/526c1b8da3

The source code for the tester can be downloaded from ISC Open Source Projects / DNS-Compliance-Testing.

For more information about EDNS please see the main site.

© 2015 Internet Systems Consortium - Powered By: CGIC (License) - Thomas Boutell