Using Extension Mechanisms for DNS (EDNS0)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Extension Mechanisms for DNS (EDNS0, as defined in RFC 2671) allow DNS requestors to advertise the size of the UDP packets they can accept and so make it possible to transfer packets larger than 512 octets, the original DNS limit on UDP packet size (RFC 1035). When a DNS server receives a request over the UDP transport layer, it reads the requestor's UDP packet size from the OPT resource record (RR) and scales its response to contain as many resource records as fit within the maximum UDP packet size specified by the requestor. For more information about resource records, see Resource records reference. For more information about RFCs, see DNS RFCs.

EDNS0 UDP responses

Before a DNS server assumes that the requestor supports EDNS0, the DNS server must receive a query containing an OPT resource record. An OPT record contains no actual DNS data; its contents relate only to the UDP transport layer message. The OPT record stores the sender's UDP payload size in its CLASS field, that is, the number of octets in the largest UDP payload that the requestor can deliver on its network.

When the DNS server receives a query containing an OPT record advertising the maximum UDP packet size, it truncates any UDP response whose size would exceed the limit specified in the OPT record.

By default, the DNS server includes OPT resource records indicating its UDP maximum in responses to queries containing OPT resource records. For information about modifying the OPT response setting, see Modify EDNS0 configuration.

If the DNS server receives a query that does not contain an OPT resource record, it assumes that the requestor does not support EDNS0 and responds as if the sender does not accept UDP packets larger than 512 octets. In this case, the DNS server truncates its UDP response to a maximum of 512 octets.

EDNS0 UDP queries

Before the requesting DNS server sends a query, it checks its cache to determine whether the responding DNS server supports EDNS0. If the responding DNS server supports EDNS0, the requesting DNS server attaches an OPT resource record to the additional section of the query it sends. (Every DNS message has five sections: header, question, answer, authority, and additional.) If, according to the requesting DNS server's cache, the responding DNS server does not support EDNS0, the requesting DNS server does not attach an OPT resource record to the query before it is sent. For more information, see Modify UDP message size.

Identifying and caching EDNS0 support

When the DNS server receives a request or response from a host containing an OPT record, the DNS server caches the EDNS version supported by the host (such as EDNS0). If there is no OPT record in a request or response from a host, the DNS server's cache will indicate that the host does not support EDNS0, unless the cache already indicates that the host does support EDNS0, in which case the cache entry is not changed.

The default value for how long a host's EDNS0 support information is cached is 86400 (one day, specified in seconds). This value can be modified in the EDNSCacheTimeout registry entry, in the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dns\Parameters

The range of values allowed is from 3600 (1 hour) to 15724800 (182 days). For information about modifying the EDNS0 cache setting, see Modify EDNS0 configuration.

The DNS server decides that a host does not support EDNS0 when it sends a query containing an OPT resource record and receives a response with one of the following RCODE values in the header:

Name       Value   Description
FORMERR    1       Format Error. The name server did not interpret the OPT resource record.
SERVFAIL   2       Server Failure. The name server did not process the query because of a problem with the name server.
NOTIMPL    4       Not Implemented. The name server does not support the kind of query requested.

(The RCODE, or response code, is a 4-bit field in the header section of a response.) In this situation, the DNS server, acting as a requestor, identifies that the responding server does not support EDNS0 and caches this information.
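The following Python example is added here and is not part of this documentation or of the Windows DNS Server; it shows the query construction described under EDNS0 UDP queries (an OPT record in the additional section with the payload size in CLASS) and the support-detection and caching rules described in this section (OPT present means supported; FORMERR, SERVFAIL or NOTIMPL, or no OPT for a host not already cached as supported, means unsupported; entries expire after the page's default EDNSCacheTimeout of 86400 seconds). The host addresses and the sample response bytes are constructed for illustration.

```python
import struct

EDNS_CACHE_TIMEOUT = 86400                 # default EDNSCacheTimeout in seconds (from the page)
NON_EDNS_RCODES = {1: "FORMERR", 2: "SERVFAIL", 4: "NOTIMPL"}   # RCODEs the page lists

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, udp_payload=4096, qid=0x1234, with_opt=True):
    """A/IN query; with_opt appends an OPT RR (type 41) to the additional
    section, carrying the advertised UDP payload size in its CLASS field."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if with_opt else 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_payload, 0, 0)   # root name, TTL=0, no RDATA
    return header + question + (opt if with_opt else b"")

def _skip_name(msg, off):                  # advance past labels or a compression pointer
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_response(msg):
    """Return (rcode, peer_udp_payload or None) from a DNS response message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, payload, off = flags & 0xF, None, 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                           # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            payload = rclass                                     # OPT CLASS = UDP payload size
        off += 10 + rdlen
    return rcode, payload

def cached_support(cache, host, now, timeout=EDNS_CACHE_TIMEOUT):
    e = cache.get(host)
    return None if e is None or now - e[1] > timeout else e[0]   # None: unknown or expired, send OPT

def record_support(cache, host, msg, now, timeout=EDNS_CACHE_TIMEOUT):   # apply the page's rules
    rcode, payload = parse_response(msg)
    if payload is not None:
        cache[host] = (True, now)                                # OPT present: supports EDNS0
    elif rcode in NON_EDNS_RCODES or cached_support(cache, host, now, timeout) is not True:
        cache[host] = (False, now)                               # FORMERR/SERVFAIL/NOTIMPL or no OPT
    # no OPT, a benign RCODE and an existing "supported" entry: cache left unchanged

# Constructed sample: NOERROR response with one compressed-name A record and an OPT advertising 4096.
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01" + encode_name("example.com")
                   + b"\x00\x01\x00\x01" + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x5d\xb8\xd8\x22"
                   + b"\x00\x00\x29\x10\x00\x00\x00\x00\x00\x00\x00")
```

Calling `cached_support` before sending decides whether `build_query` is invoked with `with_opt=True`, which is the check the requesting server performs against its cache.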

Caution

  • When considering packet sizes, take into account the discovered Maximum Transmission Unit (MTU) of the network transmission path, if this information is available. When configuring the UDP packet size to be larger than 512 octets, remember that the UDP packets must pass through devices other than the UDP hosts, and these devices, such as routers, may not support UDP packets larger than 512 octets. Always compare the maximum UDP packet size with the MTU, which in some cases may be smaller. It is recommended that you establish the maximum UDP packet length supported by all devices on the path and configure your UDP hosts for that maximum.

Note

  • EDNS0 refers to the first RFC for EDNS (RFC 2671). Future RFCs for EDNS will be identified by greater numbers, such as EDNS1.