Please support EDNS(0) (rfc6891) for large UDP packets for DNSSEC

raf4

New Member
Hi,
Please enable EDNS(0) in your name servers. It would benefit your users whose domains are DNSSEC-signed. It enables larger UDP packets, so that there is less need to use TCP for DNS traffic. It might even alleviate your network load. It should just be a matter of not disabling it in your name server software, and not blocking large UDP DNS packets in your firewall. When I check my domain with dnsviz.net, it reports no response over UDP from 2a03:b0c0:0:1010::7e:7001 (i.e. ns17.zoneedit.com) due to NOEDNS.
Thanks.
 

raf4

New Member
I was using the original name server names (e.g. ns2.zoneedit.com). I didn't realise that they have been renamed (e.g. dns1.zoneedit.com). When I updated the names with my registrar, and performed the test again, it was fine. So maybe it's OK. But since the old names are still in use, and still seem to work, they should work fully. Cheers.
 

Chris Cherry

Mr. Happy To Help You.
Thank you for the info and update regarding your inquiry. I'll pass this by our devs this coming week.
 
Top