Minimal EDNS compliance requirements
petr.spacek@nic.cz
olafur+ietf@cloudflare.com
ondrej@isc.org
Internet
DNS responders must either follow RFC 6891 by implementing EDNS or respond with RCODE=FORMERR to queries containing OPT record.
Non-compliant implementations are not worth talking to.
EDNS version 0 was standardized in 1999, but non-RFC 1035 compliant implementations still exist and cause lot of extra queries and complicated logic in recursive resolvers. RFC 6891 clearly states that FORMERR is the only acceptable answer for implementations without support for EDNS. The cost of supporting these non-compliant implementations keeps increasing.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
No DNS response message to a repeated DNS query containing EDNS extension means that the other side is not a DNS responder and the querier MUST NOT retry its query without EDNS.
Instruction to follow EDNS standard does not change security properties beyond what is written in RFC 6891.
This has no effect on privacy of DNS.
[Note to IANA, to be removed prior to publication: there are no IANA
considerations stated in this version of the document.]