trouble with .gov dns?

William Herrin bill at herrin.us
Mon May 2 12:23:19 CDT 2011


On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
> * William Herrin:
>> Anyone else having trouble with .gov DNS failing with edns-udp-size
>> set to 512?
>
> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
> section 3.  A query that advertises a smaller buffer size is
> non-compliant.  BIND will send such queries, but this is a
> controversial feature.

Hi Florian,

I have "dnssec-enable no;" in my bind config. Were you able to
determine from the tcpdump output that DNSSEC was being requested?
How?

Thanks,
Bill Herrin



-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list