trouble with .gov dns?

• Previous message (by thread): trouble with .gov dns?
• Next message (by thread): trouble with .gov dns?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* William Herrin:

> On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
>> * William Herrin:
>>> Anyone else having trouble with .gov DNS failing with edns-udp-size
>>> set to 512?
>>
>> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
>> section 3.  A query that advertises a smaller buffer size is
>> non-compliant.  BIND will send such queries, but this is a
>> controversial feature.

> I have "dnssec-enable no;" in my bind config.

It does not seem to have the intended effect.

> Were you able to determine from the tcpdump output that DNSSEC was
> being requested?

[udp sum ok] 10320 [1au] A? www.nsf.gov. ar: . OPT UDPsize=512 OK (40)
11:53:01.690414 IP (tos 0x0, ttl 249, id 28744, offset 0, flags

"OK" means that DO=1 was set.

• Previous message (by thread): trouble with .gov dns?
• Next message (by thread): trouble with .gov dns?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]