[140130] in North American Network Operators' Group

Re: trouble with .gov dns?

daemon@ATHENA.MIT.EDU (Mark Andrews)
Mon May 2 21:20:36 2011

To: Florian Weimer <fw@deneb.enyo.de>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Mon, 02 May 2011 19:13:11 +0200."
	<878vupuiu0.fsf@mid.deneb.enyo.de>
Date: Tue, 03 May 2011 11:19:49 +1000
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


In message <878vupuiu0.fsf@mid.deneb.enyo.de>, Florian Weimer writes:
> * William Herrin:
> 
> > Anyone else having trouble with .gov DNS failing with edns-udp-size
> > set to 512?
> 
> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
> section 3.  A query that advertises a smaller buffer size is
> non-compliant.  BIND will send such queries, but this is a
> controversial feature.
> 
> This has been noted before, for example:
> 
> From: Mark Andrews <marka@isc.org>
> Subject: [dnsext] Failure to add glue MUST cause TC to be set.
> To: dnsext@ietf.org
> Date: Sun, 20 Feb 2011 08:07:15 +1100
> Message-Id: <20110219210716.72943A5602B@drugs.dv.isc.org>

And nameservers that don't set TC when they can't fit glue are
broken RFC 1034.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
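
A check for the two conditions discussed in this thread, as an added example that is not part of the original message or of BIND: it builds a query carrying an EDNS0 OPT record and reports the advertised UDP size, the DO bit and the header TC flag. The name example.gov, the message ID and all function names are constructed for illustration.

```python
import struct

RFC3226_MIN_UDP = 1220  # minimum size cited in the thread (RFC 3226, section 3)
OPT = 41                # EDNS0 OPT pseudo-RR type
DO_BIT = 0x8000         # "DNSSEC OK" flag, top bit of the low 16 bits of the OPT TTL
TC_BIT = 0x0200         # truncation flag in the DNS header flags word

def build_query(name, udp_size, do=True, qtype=1, msg_id=0x1234):
    """Build a DNS query whose OPT RR advertises udp_size (constructed sample)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    labels = [l.encode() for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner name, TYPE=41, CLASS=UDP size, TTL=flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, DO_BIT if do else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer is two bytes and ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n

def inspect(msg):
    """Return the TC flag, advertised EDNS size and DO bit of a DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    info = {"tc": bool(flags & TC_BIT), "edns_size": None, "do": False}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            info["edns_size"], info["do"] = rclass, bool(ttl & DO_BIT)
    return info

def undersized_dnssec_query(msg):
    """True if the query sets DO but advertises fewer than 1220 bytes."""
    i = inspect(msg)
    return i["do"] and i["edns_size"] is not None and i["edns_size"] < RFC3226_MIN_UDP
```

Running inspect() over captured responses and checking "tc" shows whether a server signalled truncation when its answer did not fit the advertised size.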

