[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

trouble with .gov dns?

Subject: trouble with .gov dns?
From: fw at deneb.enyo.de (Florian Weimer)
Date: Tue, 03 May 2011 07:20:55 +0200
In-reply-to: <[email protected]> (Mark Andrews's message of "Tue, 03 May 2011 11:19:49 +1000")
References: <[email protected]> <[email protected]> <[email protected]>

* Mark Andrews:

>> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
>> section 3.  A query that advertises a smaller buffer size is
>> non-compliant.  BIND will send such queries, but this is a
>> controversial feature.
>> 
>> This has been noted before, for example:
>> 
>> From: Mark Andrews <marka at isc.org>
>> Subject: [dnsext] Failure to add glue MUST cause TC to be set.
>> To: dnsext at ietf.org
>> Date: Sun, 20 Feb 2011 08:07:15 +1100
>> Message-Id: <20110219210716.72943A5602B at drugs.dv.isc.org>
>
> And nameservers that don't set TC when they can't fit glue are
> broken RFC 1034.

Only if they produce such answers in response to compliant queries. 8-)

References:
- trouble with .gov dns?
  - From: bill at herrin.us (William Herrin)
- trouble with .gov dns?
  - From: fw at deneb.enyo.de (Florian Weimer)
- trouble with .gov dns?
  - From: marka at isc.org (Mark Andrews)

Prev by Date: trouble with .gov dns?
Next by Date: Suspecious anycast prefixes
Previous by thread: trouble with .gov dns?
Next by thread: Suspecious anycast prefixes
Index(es):
- Date
- Thread