zonemaster-engine

invalid edns queries

Open jay2398743 opened this issue 1 year ago • 4 comments

It looks like Zonemaster does not follow the RFC during queries. When EDNS queries are not accepted, causing FORMERR in response, a normal query should be used instead.

jay2398743, Dec 06 '23 12:12

Thank you for your question. Zonemaster is a test tool. In Nameserver02 Zonemaster checks for EDNS support, and if FORMERR is returned, a message is returned to the client that there is no EDNS support for the specific name server. In that case Zonemaster does not requery since that is meaningless.

The Zonemaster queries have a different purpose than most DNS queries from "normal" clients. Most test cases do the testing without EDNS, except where DNSSEC support in the query is needed.

Do you have something else in mind? We might have missed something.

matsduf, Dec 06 '23 13:12

Zonemaster reports a critical error in system and basic (The domain must have at least one working name server) when using non-EDNS servers, and it stops after that, doing no more tests.

Since this is the first test Zonemaster is doing, no tests are actually performed.

jay2398743, Dec 06 '23 23:12

@jay2398743, could you share what domain name (zone) you have tested so that I can investigate? Either here or in an email directly to me (mats.dufberg at iis.se)?

matsduf, Dec 07 '23 06:12

See issue https://github.com/zonemaster/zonemaster-engine/issues/1314

matsduf, Dec 09 '23 19:12
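The exchange discussed in this thread (an EDNS query answered with FORMERR, then a requery without the OPT record), as an added example that is not Zonemaster code and not part of the original issue. The names `probe`, `send` and `legacy_server` are hypothetical, the payload size 1232 is an assumed value, and the server is a constructed stand-in so the block runs offline.

```python
import struct

FORMERR, OPT = 1, 41  # RCODE 1; OPT pseudo-RR type used by EDNS(0), RFC 6891

def build_query(name, qtype=1, edns=False, qid=0x1234):
    """Wire-format query; with edns=True an OPT pseudo-RR is appended."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1 if edns else 0)
    msg = header + qname + struct.pack("!2H", qtype, 1)
    if edns:  # root owner, TYPE=41, CLASS=UDP payload size (assumed 1232), TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, 0)
    return msg

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # compression pointer is two bytes and ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:
            return pos

def parse_reply(msg):
    """Return (rcode, has_opt) for a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # QTYPE + QCLASS
    has_opt = False
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        has_opt |= rtype == OPT
        pos += 10 + rdlen
    return flags & 0xF, has_opt

def probe(send, name):
    """Ask with EDNS first; on FORMERR requery once without OPT."""
    rcode, has_opt = parse_reply(send(build_query(name, edns=True)))
    if rcode != FORMERR:
        return ("edns" if has_opt else "edns-ignored"), rcode
    rcode, _ = parse_reply(send(build_query(name, edns=False)))
    return "plain-fallback", rcode

def legacy_server(query):
    """Constructed stand-in for a pre-EDNS server: FORMERR if ARCOUNT > 0."""
    qid, _, qd, _, _, ar = struct.unpack("!6H", query[:12])
    end = skip_name(query, 12) + 4
    rcode = FORMERR if ar else 0
    return struct.pack("!6H", qid, 0x8400 | rcode, qd, 0, 0, 0) + query[12:end]
```

`probe(legacy_server, "example.com")` takes the fallback path; a test tool that only records the first FORMERR as "no EDNS support" would stop before the second query.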