nanog mailing list archives

Re: trouble with .gov dns?

From: Mark Andrews <marka () isc org>
Date: Tue, 03 May 2011 11:19:49 +1000


In message <878vupuiu0.fsf () mid deneb enyo de>, Florian Weimer writes:

* William Herrin:

Anyone else having trouble with .gov DNS failing with edns-udp-size
set to 512?

You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
section 3.  A query that advertises a smaller buffer size is
non-compliant.  BIND will send such queries, but this is a
controversial feature.

This has been noted before, for example:

From: Mark Andrews <marka () isc org>
Subject: [dnsext] Failure to add glue MUST cause TC to be set.
To: dnsext () ietf org
Date: Sun, 20 Feb 2011 08:07:15 +1100
Message-Id: <20110219210716.72943A5602B () drugs dv isc org>


And nameservers that don't set TC when they can't fit glue are
broken RFC 1034.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

Current thread:

Re: trouble with .gov dns?, (continued)
- Re: trouble with .gov dns? Florian Weimer (May 02)
  - Re: trouble with .gov dns? William Herrin (May 02)
    - Re: trouble with .gov dns? Florian Weimer (May 02)
    - Re: trouble with .gov dns? William Herrin (May 02)
    - Re: trouble with .gov dns? Tony Finch (May 02)
    - Re: trouble with .gov dns? Florian Weimer (May 02)
    - Re: trouble with .gov dns? David Conrad (May 03)
    - Re: trouble with .gov dns? William Herrin (May 03)
    - Re: trouble with .gov dns? Florian Weimer (May 03)
    - Re: trouble with .gov dns? Edward Lewis (May 03)
  - Re: trouble with .gov dns? Mark Andrews (May 02)
    - Re: trouble with .gov dns? Florian Weimer (May 02)