[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

trouble with .gov dns?

Subject: trouble with .gov dns?
From: marka at isc.org (Mark Andrews)
Date: Tue, 03 May 2011 11:19:49 +1000
In-reply-to: Your message of "Mon, 02 May 2011 19:13:11 +0200." <[email protected]>
References: <[email protected]> <[email protected]>

In message <878vupuiu0.fsf at mid.deneb.enyo.de>, Florian Weimer writes:
> * William Herrin:
> 
> > Anyone else having trouble with .gov DNS failing with edns-udp-size
> > set to 512?
> 
> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
> section 3.  A query that advertises a smaller buffer size is
> non-compliant.  BIND will send such queries, but this is a
> controversial feature.
> 
> This has been noted before, for example:
> 
> From: Mark Andrews <marka at isc.org>
> Subject: [dnsext] Failure to add glue MUST cause TC to be set.
> To: dnsext at ietf.org
> Date: Sun, 20 Feb 2011 08:07:15 +1100
> Message-Id: <20110219210716.72943A5602B at drugs.dv.isc.org>

And nameservers that don't set TC when they can't fit glue are
broken RFC 1034.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

Follow-Ups:
- trouble with .gov dns?
  - From: fw at deneb.enyo.de (Florian Weimer)

References:
- trouble with .gov dns?
  - From: bill at herrin.us (William Herrin)
- trouble with .gov dns?
  - From: fw at deneb.enyo.de (Florian Weimer)

Prev by Date: Suspecious anycast prefixes
Next by Date: Amazon diagnosis
Previous by thread: trouble with .gov dns?
Next by thread: trouble with .gov dns?
Index(es):
- Date
- Thread