net: add EDNS0 support to builtin DNS stub resolver #6464
Ran into this while debugging a problem with pulling Docker images: we were unable to pull an image due to a DNS resolution error. It turns out our router was forwarding up to 4k DNS responses regardless of the state of the EDNS0 flag, and the Go DNS package was (correctly to the spec) choking on the larger-than-expected message. The ultimate fix was for the router itself, setting the window back down to the RFC-correct 512-byte size.
Again, this is not a bug with the Go implementation of DNS, but considering how broadly used EDNS0 is for avoiding a fallback to TCP for large DNS responses (which are more and more common), it might be worth implementing the EDNS0 DNS extension if only for that feature.
I still hesitate to say "yup, that's the way to go" because we are already not innocent.
I also understand that EDNS0 would be pretty useful in a well-configured, managed and secured environment. In addition, a DNS stub resolver perhaps might avoid being affected by various attacks based on UDP over IP fragmentation. I mean, with DNSSEC it sounds pretty reasonable, but in other cases... still thinking.
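As an added illustration (not code from the Go project or from anyone in this thread), the sketch below builds a DNS query with and without an EDNS0 OPT record and models the size limit a strict stub resolver applies to a UDP reply. The function names, the `registry.example.` name and the 1800-byte reply size are constructed for the example, and the parser assumes a single uncompressed question as produced by `BuildQuery`.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// BuildQuery encodes an A query for a well-formed name; udpSize > 0 adds an EDNS0 OPT RR.
func BuildQuery(name string, id, udpSize uint16) []byte {
	msg := make([]byte, 12)
	binary.BigEndian.PutUint16(msg[0:], id)
	binary.BigEndian.PutUint16(msg[2:], 0x0100) // RD flag
	binary.BigEndian.PutUint16(msg[4:], 1)      // QDCOUNT = 1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(label))), label...)
	}
	msg = append(msg, 0, 0, 1, 0, 1) // root label, QTYPE=A, QCLASS=IN
	if udpSize > 0 {
		binary.BigEndian.PutUint16(msg[10:], 1) // ARCOUNT = 1
		// OPT RR (RFC 6891): root name, TYPE=41, CLASS=UDP size, TTL=0, RDLENGTH=0
		msg = append(msg, 0, 0, 41, byte(udpSize>>8), byte(udpSize), 0, 0, 0, 0, 0, 0)
	}
	return msg
}

// AdvertisedLimit returns the largest UDP reply the query permits (512 without OPT).
func AdvertisedLimit(q []byte) int {
	i := 12
	for i < len(q) && q[i] != 0 { // skip the question name's labels
		i += int(q[i]) + 1
	}
	i += 5 // root label + QTYPE + QCLASS
	if len(q) < i+11 || q[i] != 0 || binary.BigEndian.Uint16(q[i+1:]) != 41 {
		return 512 // no OPT record directly after the question
	}
	if n := int(binary.BigEndian.Uint16(q[i+3:])); n > 512 {
		return n
	}
	return 512 // RFC 6891: advertised sizes below 512 are treated as 512
}

// Accepts is a simplified model of a strict stub resolver, not Go's net code.
func Accepts(q []byte, respLen int) bool { return respLen <= AdvertisedLimit(q) }

func main() {
	// 1800 is a constructed size for an oversized forwarded reply.
	fmt.Println("no EDNS0:", Accepts(BuildQuery("registry.example.", 1, 0), 1800))
	fmt.Println("EDNS0 4096:", Accepts(BuildQuery("registry.example.", 1, 4096), 1800))
}
```

The same 1800-byte reply is rejected for the plain query and accepted once the query advertises 4096 bytes, which is the mismatch a forwarder creates when it ignores whether the client sent an OPT record.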