trouble with .gov dns?

William Herrin bill at
Mon May 2 17:23:19 UTC 2011

On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <fw at> wrote:
> * William Herrin:
>> Anyone else having trouble with .gov DNS failing with edns-udp-size
>> set to 512?
> You need a UDP size of at least 1220 for DNSSEC, see RFC 3226,
> section 3.  A query that advertises a smaller buffer size is
> non-compliant.  BIND will send such queries, but this is a
> controversial feature.

Hi Florian,

I have "dnssec-enable no;" in my bind config. Were you able to
determine from the tcpdump output that DNSSEC was being requested?

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004
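
One way to check a captured query for the two values discussed in this thread, the advertised EDNS UDP size and the DNSSEC OK (DO) bit, is to parse the OPT record directly. This is an added example, not part of the original message; the function names are hypothetical, the input is assumed to be the raw DNS payload of one UDP packet, and the sample query is constructed.

```python
import struct

OPT = 41               # EDNS0 OPT pseudo-RR type (RFC 6891)
MIN_DNSSEC_UDP = 1220  # minimum cited in the thread from RFC 3226, section 3

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (udp_size, do_bit) from the OPT record, or None if no EDNS."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT:
            # CLASS carries the advertised UDP size; DO is the top bit of
            # the low 16 bits of the TTL field (RFC 3225).
            return rclass, bool(ttl & 0x8000)
    return None

def assess(msg):
    info = edns_info(msg)
    if info is None:
        return "no EDNS: 512-byte limit, DNSSEC not requested"
    size, do = info
    if do and size < MIN_DNSSEC_UDP:
        return f"DO set with udp size {size} < {MIN_DNSSEC_UDP} (RFC 3226 sec. 3)"
    return f"udp size {size}, DO {'set' if do else 'clear'}"

def build_query(udp_size, do):
    """Constructed sample: an 'example.gov. A' query with one OPT record."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    qname = b"\x07example\x03gov\x00"
    question = qname + struct.pack("!HH", 1, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0x8000 if do else 0, 0)
    return header + question + opt
```

Calling `assess(build_query(512, True))` reports the combination this thread is about: a query that sets DO while advertising a 512-byte buffer.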

More information about the NANOG mailing list