https://dnsflagday.net/ report edns512tcp=timeout

I have an Ubuntu 16.04.5 server with Vesta CP. I checked the server on https://dnsflagday.net, and I got this report:

domain.cl. @123.456.78.90 (ns1.domain.cl.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=timeout optlist=ok

domain.cl. @123.456.78.90 (ns2.domain.cl.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=timeout optlist=ok

I do not know what edns512tcp=timeout means and I have not had much luck looking for a solution on the internet.

Can someone help me? Thanks.

milo asked Dec 23 '22 02:12

2 Answers

For that tool, any kind of "timeout" error is a problem: it means some server did not reply, or the message (either query or reply) was eaten by some active element on the path, so it needs to be fixed.

edns512tcp is when the testing software does an EDNS query with a buffer of 512 bytes and over TCP.

If you go to https://ednscomp.isc.org/ednscomp/ for your domain you will have the full test results.

For that specific error it is:

EDNS - over TCP Response (edns@512tcp)

dig +vc +nocookie +norec +noad +edns +dnssec +bufsize=512 dnskey zone @server
expect: NOERROR
expect: OPT record with version set to 0
See RFC5966 and See RFC6891

So you can see which DNS query was done with dig, so that you can reproduce it (+vc is an old flag name that is an alias for +tcp). The test expects to get a NOERROR code back and an OPT record. Your servers did not reply at all, so the test failed.

It seems that your servers did not reply to that at all, which is wrong. Maybe they do not reply to TCP queries at all, which is even more wrong. In all cases you will need to contact the entity responsible for maintaining those servers and point them to the test results so that they start to fix the problem.

Patrick Mevzek answered Dec 27 '22 03:12

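Added example, not from the answer above and not ISC's ednscomp code: a small Python script that builds the same query the edns@512tcp test sends (DNSKEY, recursion and AD cleared, OPT with a 512-byte buffer and DO set, no cookie), sends it over TCP, and applies the test's pass condition (NOERROR plus an OPT record with version 0). The server and zone arguments are assumptions, and the two sample replies are constructed so the checker can be exercised offline; only query_tcp needs a live server.

```python
import socket
import struct
def build_edns_query(zone, qtype=48, bufsize=512):
    # Mirrors the dig command above: DNSKEY (48), +norec +noad (flags 0), no cookie, bufsize 512, DO set.
    header = struct.pack(">HHHHHH", 0x1234, 0, 1, 0, 0, 1)  # id, flags, qd, an, ns, ar
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in zone.strip(".").split(".")) + b"\x00"
    # OPT (type 41): root name, CLASS field = UDP payload size, TTL bit 15 = DO, no options.
    opt = b"\x00" + struct.pack(">HHIH", 41, bufsize, 0x8000, 0)
    return header + qname + struct.pack(">HH", qtype, 1) + opt

def _skip_name(msg, off):
    # Advance past a domain name, which may end in a two-byte compression pointer.
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def check_response(msg):
    # Return (rcode, opt_version); opt_version is None when the reply carries no OPT RR.
    _, flags, qd, an, ns, ar = struct.unpack_from(">HHHHHH", msg, 0)
    rcode, opt_version, off = flags & 0xF, None, 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # qtype + qclass
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        if rtype == 41:
            opt_version = (ttl >> 16) & 0xFF
            rcode |= ((ttl >> 24) & 0xFF) << 4  # extended RCODE lives in the OPT TTL
        off += 10 + rdlen
    return rcode, opt_version

def edns512tcp_ok(msg):
    # The test's pass condition: NOERROR and an OPT record with version 0.
    rcode, version = check_response(msg)
    return rcode == 0 and version == 0

def query_tcp(server, zone, timeout=5):
    # TCP with the 2-byte length prefix (RFC 7766); socket.timeout here is the edns512tcp=timeout result.
    query = build_edns_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack(">H", len(query)) + query)
        reader = sock.makefile("rb")
        (length,) = struct.unpack(">H", reader.read(2))
        return reader.read(length)

# Constructed sample replies (not captured from any real server) to exercise the checker offline.
GOOD_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8000, 1, 0, 0, 1) + b"\x07example\x03com\x00"
              + struct.pack(">HH", 48, 1) + b"\x00" + struct.pack(">HHIH", 41, 4096, 0x8000, 0))
NO_OPT_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8000, 1, 1, 0, 0) + b"\x07example\x03com\x00"
                + struct.pack(">HH", 48, 1) + b"\xc0\x0c" + struct.pack(">HHIH", 48, 1, 300, 4) + b"\xde\xad\xbe\xef")
```

A live check is `edns512tcp_ok(query_tcp("ns1.domain.cl", "domain.cl"))`; a socket.timeout on the connect or read is the same symptom the report shows, and a firewall that only passes UDP/53 is the first thing to rule out.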

Thanks for your help. I read more about it and I could detect that port 53 was being blocked by the firewall. I added the rule to the firewall to allow TCP connections on port 53.

Everything is fine now.

milo answered Dec 27 '22 05:12