False positives for "EDNS - Unknown Version Handling (edns1)" & "EDNS - Unknown Version with Unknown Option Handling (edns1opt)" ?
Hi,
I tested some PowerDNS servers for the DNS flag day.
Some warnings seem to be raised about the unexpected presence of a SOA in the response when a bad version/option is requested, for example for the powerdns.net zone:
https://ednscomp.isc.org/ednscomp/56b28c9733
However, a manual dig shows no SOA being returned:
$ dig +norec +noad +edns=1 +noednsneg soa powerdns.net. @79.137.83.215
; <<>> DiG 9.10.3-P4-Debian <<>> +norec +noad +edns=1 +noednsneg soa powerdns.net. @79.137.83.215
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 33660
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;powerdns.net. IN SOA
;; Query time: 221 msec
;; SERVER: 79.137.83.215#53(79.137.83.215)
;; WHEN: Wed Feb 13 12:03:36 CET 2019
;; MSG SIZE rcvd: 41
I was wondering if it could be a bug in the testing tool itself.
Greets to Stephane Bortzmeyer for the idea of performing a manual dig.
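Added example, not part of the original post and not the ednscomp tool's own code: a Python sketch that parses a raw DNS reply and reports the three things the dig output above is read for (extended RCODE BADVERS, OPT version 0, no SOA record). The function names and the reply bytes are assumptions; the bytes are constructed to match the dig output (id 33660, flags qr aa, udp 1680, 41 bytes), not captured from the server.

```python
import struct

BADVERS = 16                 # extended RCODE defined in RFC 6891
TYPE_SOA, TYPE_OPT = 6, 41

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # a compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def check_edns1(msg):
    """Summarise a reply to an EDNS version 1 SOA query (hypothetical helper)."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    rcode, version, soa = flags & 0xF, None, False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_SOA:
            soa = True
        elif rtype == TYPE_OPT:          # OPT TTL = ext-rcode | version | flags
            rcode |= (ttl >> 24) << 4
            version = (ttl >> 16) & 0xFF
    ok = rcode == BADVERS and version == 0 and not soa
    return {"rcode": rcode, "version": version, "soa": soa, "ok": ok}

def build_reply(with_soa):
    """Constructed reply bytes modelled on the dig output (not a capture)."""
    question = b"\x08powerdns\x03net\x00" + struct.pack("!HH", TYPE_SOA, 1)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1680, 1 << 24, 0)
    soa = b""
    if with_soa:                         # constructed SOA with made-up rdata
        rdata = b"\x01a\xc0\x0c\x01h\xc0\x0c" + struct.pack("!5I", 1, 2, 3, 4, 5)
        soa = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", 33660, 0x8400, 1, int(with_soa), 0, 1)
    return header + question + soa + opt

if __name__ == "__main__":
    print(check_edns1(build_reply(False)))   # reply shaped like the dig output
    print(check_edns1(build_reply(True)))    # same reply with a SOA answer added
```

Running the same check on the bytes a server actually returns (for example from a packet capture) shows whether a SOA is present on the wire independently of any one tool's report.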