[140136] in North American Network Operators' Group
Re: trouble with .gov dns?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue May 3 01:21:19 2011
From: Florian Weimer <fw@deneb.enyo.de>
To: Mark Andrews <marka@isc.org>
Date: Tue, 03 May 2011 07:20:55 +0200
In-Reply-To: <20110503011949.A8448E69621@drugs.dv.isc.org> (Mark Andrews's
message of "Tue, 03 May 2011 11:19:49 +1000")
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Mark Andrews:
>> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226,
>> section 3. A query that advertises a smaller buffer size is
>> non-compliant. BIND will send such queries, but this is a
>> controversial feature.
>>
>> This has been noted before, for example:
>>
>> From: Mark Andrews <marka@isc.org>
>> Subject: [dnsext] Failure to add glue MUST cause TC to be set.
>> To: dnsext@ietf.org
>> Date: Sun, 20 Feb 2011 08:07:15 +1100
>> Message-Id: <20110219210716.72943A5602B@drugs.dv.isc.org>
>
> And nameservers that don't set TC when they can't fit glue are
> broken RFC 1034.
Only if they produce such answers in response to compliant queries. 8-)
