Reset Search



KB43996 - ISC DNS Flagday and what does it mean for vADC customers

« Go Back


Last Modified Date1/3/2019 12:45 PM
Problem or Goal
ISC is holding a "DNS flag day" on 1 February 2019, action that was announced back in October 2018:

Following new tradition, this event has a logo and a website:

Under the "Domain Owners" section of the page above, there is a form to test your domain, which might produce few cryptic errors, for example:

ednsflags=mbz mbz - EDNS flags echoed back.

edns512tcp=timeout timeout - lookup timed out.
First, check if vTM is handling DNS traffic for the domain concerned. If it does, check the error codes ISC DNS Flag Day website is showing:

ednsflags=mbz mbz - EDNS flags echoed back.

This is something that vTM does not do by itself, but if vTM is in pass-through mode, and back-end (real) DNS server exhibit that behaviour, vTM would pass-through such flags intact. If you get this error, check that:

- vTM's DNS virtual server is indeed in pass-through mode (i.e. pool selected is anything but "builtin_dns");

- Back-end (real) DNS servers are capable of handling EDNS0 extension flags. You might need to talk to back-end DNS server's vendor if this is not the case.

edns512tcp=timeout timeout - lookup timed out.

This error is most commonly seen when when no DNS/TCP virtual server is configured. To comply with ISC DNS Flagday, add a new virtual server with internal protocol set to "DNS/TCP", and copy other configuration from existing "DNS/UDP" virtual server. Also, if pass-through mode is in use, make sure that back-end server is capable of handing DNS/TCP too.
Related Links
Attachment 1 
Created ByAndy Chernyak



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255