Re: ipp.gov and Google DNS (8.8.8.8)

["Dale W. Carder" <dwcarder () wisc edu>]

Thus spake Casey Deccio (casey () deccio net) on Thu, May 30, 2013 at 11:17:03AM -0700:
> On Thu, May 30, 2013 at 9:22 AM, Yunhong Gu <guu () google com> wrote:
> > Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its
> > authoritative name servers. If there is anyone on this list who manages
> > ipp.gov DNS servers, please take a look. Our resolver IPs can be found at
> > https://developers.google.com/speed/public-dns/faq#locations.
>
> I get a response for DNSKEY just fine*.  However, the payload of the
> response is 1279 bytes, and Google's resolvers set the maximum UDP
> receive payload to 1232, which results in the truncated response.
> Unfortunately, the ipp.gov servers don't respond over TCP, so the
> resolvers aren't able to retrieve ipp.gov/DNSKEY.
>
> The problem here is that the ipp.gov servers aren't responding on
> TCP/53.  But of curiosity, why a max payload size of 1232 for the
> Google resolvers?  

I would guess that it is to fit inside tunnels?  You will also see
smaller than usual MSS (ex: 1416) from some (all?) google tcp services.

Dale