[public-dns-discuss] Re: edns esc blacklisted by google ?

I do have one piece of the response that is returned, which is the RCODE, and I am seeing in our logs that we received a number of responses (notably for d.gcdn.co and cl-ce9dafbe.gcdn.co) where your name servers returned REFUSED (5). I know that some name servers (newer BIND is one) will return REFUSED in some cases when they will not accept the ECS data (e.g. they will only take zero source-prefix-length, or require that the source prefix match the client's actual IP address, or that it is a routable address, etc. etc.). I can't tell if your name servers are responding with an ECS option when they send back REFUSED responses, but I guess that they might not.

NS Name               HasECS  Status  Queries
cl-ce9dafbe.gcdn.co.  true    5       54
cl-ce9dafbe.gcdn.co.  true    5       66
cl-ce9dafbe.gcdn.co.  true    5       67
d.gcdn.co.            true    5       116
cl-ce9dafbe.gcdn.co.  true    5       116
d.gcdn.co.            true    5       142
d.gcdn.co.            true    5       163
d.gcdn.co.            true    5       224
cl-ce9dafbe.gcdn.co.  false   5       685
cl-ce9dafbe.gcdn.co.  false   5       738
cl-ce9dafbe.gcdn.co.  false   5       741
cl-ce9dafbe.gcdn.co.  false   5       742
d.gcdn.co.            false   5       1543
d.gcdn.co.            false   5       1601
d.gcdn.co.            false   5       1610
d.gcdn.co.            false   5       1647
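
An added example, not part of the original message: one way an authoritative operator could check a captured response for the two things discussed above, the RCODE and whether the OPT record carries an ECS option (option code 8, RFC 7871). The helper names, the `example.com.` query name and the sample bytes are constructed for illustration.

```python
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet (RFC 7871)
OPT_RR_TYPE = 41      # EDNS0 OPT pseudo-RR (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer is 2 bytes
            return off + 2
        off += 1 + length

def rcode_and_ecs(msg):
    """Return (rcode, ecs); ecs is None or (family, source_len, scope_len)."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    ecs = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == OPT_RR_TYPE:
            rcode |= (ttl >> 24) << 4  # extended RCODE: upper 8 bits
            p, end = off, off + rdlen
            while p + 4 <= end:        # walk the option list in RDATA
                code, olen = struct.unpack_from("!HH", msg, p)
                if code == ECS_OPTION_CODE and olen >= 4:
                    ecs = struct.unpack_from("!HBB", msg, p + 4)
                p += 4 + olen
        off += rdlen
    return rcode, ecs

def build_response(qname, rcode, ecs_option=b""):
    """Constructed sample: a response with one question and one OPT RR."""
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in qname.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, 0, 0, 1)
    question = labels + struct.pack("!HH", 1, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(ecs_option))
    return header + question + opt + ecs_option

# Constructed ECS option: IPv4 family, /24 source, scope 0, prefix 192.0.2
SAMPLE_ECS = struct.pack("!HHHBB", ECS_OPTION_CODE, 7, 1, 24, 0) + bytes([192, 0, 2])
```

Feeding it the raw UDP payload of a REFUSED response shows directly whether the server echoed ECS back or dropped the option.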

