ipp.gov and Google DNS (188.8.131.52)
Dale W. Carder
dwcarder at wisc.edu
Fri May 31 15:56:04 UTC 2013
Thus spake Casey Deccio (casey at deccio.net) on Thu, May 30, 2013 at 11:17:03AM -0700:
> On Thu, May 30, 2013 at 9:22 AM, Yunhong Gu <guu at google.com> wrote:
> > Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its
> > authoritative name servers. If there is anyone on this list who manages
> > ipp.gov DNS servers, please take a look. Our resolver IPs can be found at
> > https://developers.google.com/speed/public-dns/faq#locations.
> I get a response for DNSKEY just fine*. However, the payload of the
> response is 1279 bytes, and Google's resolvers set the maximum UDP
> receive payload to 1232, which results in the truncated response.
> Unfortunately, the ipp.gov servers don't respond over TCP, so the
> resolvers aren't able to retrieve ipp.gov/DNSKEY.
> The problem here is that the ipp.gov servers aren't responding on
> TCP/53. But of curiosity, why a max payload size of 1232 for the
> Google resolvers?
I would guess that it is to fit inside tunnels? You will also see
smaller than usual MSS (ex: 1416) from some (all?) google tcp services.
More information about the NANOG