[140111] in North American Network Operators' Group
Re: trouble with .gov dns?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon May 2 13:13:22 2011
From: Florian Weimer <fw@deneb.enyo.de>
To: William Herrin <bill@herrin.us>
Date: Mon, 02 May 2011 19:13:11 +0200
In-Reply-To: <BANLkTikdC9hyi8eh5uX_-2yD2V_xCF2OHA@mail.gmail.com> (William
Herrin's message of "Mon, 2 May 2011 12:01:06 -0400")
Cc: nanog@nanog.org

* William Herrin:

> Anyone else having trouble with .gov DNS failing with edns-udp-size
> set to 512?

You need a UDP size of at least 1220 for DNSSEC, see RFC 3226,
section 3. A query that advertises a smaller buffer size is
non-compliant. BIND will send such queries, but this is a
controversial feature.

This has been noted before, for example:

From: Mark Andrews <marka@isc.org>
Subject: [dnsext] Failure to add glue MUST cause TC to be set.
To: dnsext@ietf.org
Date: Sun, 20 Feb 2011 08:07:15 +1100
Message-Id: <20110219210716.72943A5602B@drugs.dv.isc.org>