trouble with .gov dns?
bill at herrin.us
Mon May 2 17:23:19 UTC 2011
On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
> * William Herrin:
>> Anyone else having trouble with .gov DNS failing with edns-udp-size
>> set to 512?
> You need a UDP size of at least 1220 for DNSSEC, see RFC 3226,
> section 3. A query that advertises a smaller buffer size is
> non-compliant. BIND will send such queries, but this is a
> controversial feature.
I have "dnssec-enable no;" in my bind config. Were you able to
determine from the tcpdump output that DNSSEC was being requested?
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004