Under the term EDNS (Extended DNS) different extensions of the Domain Name System are summarized, which concern the transport of DNS data in UDP packages.

Motivation

The DNS developed in the first half of the 1980er in the course of the years with numerous further functions one equipped. In DNS packages available the flags, return code and label types were not finally sufficient to describe all situations. A further serious problem resulted out from the restriction of length of the DNS UDP package of 512 bytes. These restrictions made an extension of the DNS package format inevitably. 1999 were formulated by Paul Vixie in the RFC 2671 an appropriate standard.

Function mode

Since in the DNS header no more flag was at the disposal, in order to differentiate zwischem conventional and EDNS format, a so-called pseudo record was introduced, the so-called OPT resource record. A such pseudo RR is used only on the route of transportation between Client and servers. It never appears in zone files or in Caches. A DNS participant, who would like to mark a DNS package as EDNS, inserts an appropriate pseudo RR into the Additional DATA section of the DNS inquiry or - answer.

Apart from the task to mark a package as EDNS package a OPT resource record has the following functions:

• Supply of 16 additional flags
• Extension of the Response code around eight bytes (with it three Response codes can to be accommodated in a package insgesammt)

In addition the overall length of the UDP package and the version number (at present 0) are contained. In a data field of variable length in the future further information can be registered.

A further extension specified in the RFC 2671 refers to the label format. Originally there were two label types, which are defined by the first two bits in DNS packages (RFC 1035):

• 00 = standard label
• 11 = compressed label

In order to make a larger number possible of further label types, the type 01 = "“Extended label"” is defined. From the following 6 bits of the first byte thereby altogether 63 label under types can be formed.

Practice

EDNS is not with DNSSEC there the DO flag (DNSSEC of OK ONE) any more in the standard header to be compellingly necessarily, accommodated can. The DO flag is also first defined flag again.

In practice difficulties often arise with Firewalls, since older Firewalls of a maximum DNS package length proceeds from 512 bytes and longer packages abblocken.

Example of the representation of OPT data with the expenditure of the dig Tools:

; ; OPT PSEUDO SECTION: ; EDNS: version: 0, flags: DO; UDP: 4096 

Reference

• RFC 2671 Extension Mechanisms for DNS (EDNS0) 1999

Articles in category "EDNS"

We found here 2 articles.

Related Websites

We found here 3 related websites.

• Check Point NG problems with EDNS
  Our name server is running BIND 9.2.3, although this problem may affect other name servers using EDNS. The problem was that Check Point NG was configured ...


• EDNS - Wikipedia, the free encyclopedia
  For the former alternative root system called eDNS, see eDNS (alternative DNS root). EDNS is an extension of the DNS protocol which allows more flags, ...


• Turning off EDNS
  Turning off EDNS-0 extended UDP packets in W2k3 server's DNS. ... Once you run this your W2K3 DNS server will never advertise its EDNS capabilities and so ...