Hi,

> On Fri, Jun 24, 2016 at 04:13:56PM +0200, Conrad Hoffmann wrote:
>> Yeah, I was pondering the same thing. DNS servers not capable of that
>> extension (very few, I think) would ignore it, so always adding the OPT
>> record would be safe indeed.

I would be very careful about that. A lot of DNS implementations have code to deal with servers choking on EDNS0 and either responding with FORMERR or NOTIMPL, or simply dropping the query.

See for example "EDNS fallback" at https://www.unbound.net/documentation/requirements.html, or the corresponding PowerDNS logic at https://github.com/PowerDNS/pdns/blob/master/pdns/syncres.cc#L325

It's very nice having support for EDNS0, but IMHO it shouldn't be enabled by default if it doesn't fall back.

Best regards,
Remi
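The fallback behaviour discussed in this message, as an added example that is not part of the original post and is not taken from Unbound or PowerDNS. The `send` transport, the `fake_server` stand-in and the 1232-byte payload size are assumptions made for illustration.

```python
import struct

FORMERR, NOTIMP = 1, 4   # RCODEs a server may return when it chokes on EDNS0
OPT = 41                 # TYPE of the EDNS0 OPT pseudo-record

def build_query(name, qid, qtype=1, edns_payload=None):
    """Build a DNS query; append an OPT record when edns_payload is set."""
    arcount = 1 if edns_payload else 0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    packet = header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN
    if edns_payload:
        # root owner name, TYPE=OPT, CLASS=UDP payload size, TTL=0, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", OPT, edns_payload, 0, 0)
    return packet

def rcode(response):
    """Low four bits of the flags word in the DNS header."""
    return struct.unpack("!H", response[2:4])[0] & 0x000F

def query_with_fallback(send, name, qid=0x1234, payload=1232):
    """send(packet) returns response bytes, or None on timeout (hypothetical).
    Returns (response, used_edns)."""
    resp = send(build_query(name, qid, edns_payload=payload))
    if resp is not None and rcode(resp) not in (FORMERR, NOTIMP):
        return resp, True
    # Server rejected the OPT record or dropped the query: retry as plain DNS.
    return send(build_query(name, qid)), False

def fake_server(behaviour):
    """Constructed stand-in server: 'edns', 'formerr', 'notimp' or 'drop'."""
    def send(packet):
        qid, _, _, _, _, arcount = struct.unpack("!HHHHHH", packet[:12])
        if arcount and behaviour == "drop":
            return None  # silently discards queries carrying OPT
        code = {"formerr": FORMERR, "notimp": NOTIMP}.get(behaviour, 0) if arcount else 0
        return struct.pack("!HHHHHH", qid, 0x8180 | code, 0, 0, 0, 0)
    return send
```

A timeout alone does not prove EDNS intolerance, since ordinary packet loss looks the same; this example does not try to tell the two apart.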