EDNS (Extension Mechanisms for DNS)
EDNS (Extension Mechanisms for DNS), defined in RFC 6891, extends the original [[dns|DNS]] protocol to support messages larger than the 512-byte UDP limit of the original specification, making room for [[dnssec|DNSSEC]] signatures, larger resource records, and new option codes. EDNS0 (version 0) introduces an OPT pseudo-record that carries the requestor's advertised UDP payload size (typically 4096 bytes or more) and flags, including the DO (DNSSEC OK) bit. Without EDNS support, resolvers and authoritative servers cannot negotiate large responses and must fall back to TCP, adding latency. EDNS Client Subnet (ECS) is an EDNS option that passes a truncated prefix of the client's IP address to authoritative servers so they can return geographically targeted responses.
Example
When a resolver queries for a DNSSEC-signed zone, it sends an OPT record advertising EDNS0 with the DO bit set and a buffer size of 4096 bytes, signaling it can handle the large RRSIG and DNSKEY records in the response.
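The OPT pseudo-record described above, built and decoded in Python as an added example (not code from the original page): the CLASS field carries the 4096-byte payload size, the TTL field carries extended RCODE, VERSION and the DO bit, and RDATA carries an ECS option for a client /24. The parser checks every length field before using it, since OPT records arrive in untrusted UDP datagrams. The function names and the sample address 198.51.100.77 (from the documentation range) are constructed for this example.

```python
import struct

OPT_TYPE = 41          # RR TYPE of the OPT pseudo-record (RFC 6891)
DO_BIT = 0x8000        # DNSSEC OK flag, top bit of the 16-bit flags half of TTL
ECS_OPTION_CODE = 8    # EDNS Client Subnet option code (RFC 7871)

def build_ecs_option(ipv4: str, prefix_len: int) -> bytes:
    """Encode an ECS option for a client IPv4 address truncated to prefix_len bits."""
    addr = int.from_bytes(bytes(int(o) for o in ipv4.split(".")), "big")
    # Zero every bit beyond the prefix: only the advertised prefix leaves the resolver.
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    truncated = (addr & mask).to_bytes(4, "big")[: (prefix_len + 7) // 8]
    # FAMILY=1 (IPv4), SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries)
    data = struct.pack("!HBB", 1, prefix_len, 0) + truncated
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def build_opt_rr(udp_payload: int, dnssec_ok: bool, options: bytes = b"") -> bytes:
    """OPT RR: root NAME, TYPE=41, CLASS=payload size, TTL=ext-RCODE|VERSION|flags."""
    ttl = DO_BIT if dnssec_ok else 0           # ext-RCODE 0, VERSION 0 (EDNS0)
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, ttl, len(options)) + options

def parse_opt_rr(rr: bytes) -> dict:
    """Decode an OPT RR, rejecting malformed length fields instead of reading past them."""
    if len(rr) < 11 or rr[0] != 0:
        raise ValueError("OPT RR must start with the root NAME and a full fixed header")
    rtype, payload, ttl, rdlen = struct.unpack_from("!HHIH", rr, 1)
    if rtype != OPT_TYPE:
        raise ValueError(f"not an OPT RR (TYPE {rtype})")
    rdata = rr[11:11 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("RDLENGTH exceeds available bytes")
    options, pos = {}, 0
    while pos + 4 <= len(rdata):
        code, length = struct.unpack_from("!HH", rdata, pos)
        body = rdata[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("OPTION-LENGTH exceeds RDATA")
        options[code] = body
        pos += 4 + length
    if pos != len(rdata):
        raise ValueError("trailing bytes after last option")
    return {"udp_payload": payload, "ext_rcode": ttl >> 24,
            "version": (ttl >> 16) & 0xFF, "do": bool(ttl & DO_BIT), "options": options}

if __name__ == "__main__":
    # Constructed sample: a DNSSEC-aware resolver advertising 4096 bytes and a /24 ECS hint.
    rr = build_opt_rr(4096, True, build_ecs_option("198.51.100.77", 24))
    print(rr.hex())
    print(parse_opt_rr(rr))
```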