[143564] in North American Network Operators' Group
Re: trouble with .gov dns?
daemon@ATHENA.MIT.EDU (Wessels, Duane)
Fri Aug 12 13:15:07 2011
From: "Wessels, Duane" <dwessels@verisign.com>
In-Reply-To: <BANLkTim_2Gp-V0-idv5w+zOp36aNDOCPEA@mail.gmail.com>
Date: Fri, 12 Aug 2011 10:09:28 -0700
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 3, 2011, at 7:54 AM, William Herrin wrote:
> On Tue, May 3, 2011 at 10:23 AM, David Conrad <drc@virtualized.org> wrote:
>> This probably isn't the right venue for this discussion.
>
> Hi David,
>
> I'm going to go with Mark's answer: "nameservers that don't set TC
> [truncated bit] when they can't fit glue are broken RFC 1034." When
> that happens to be both TLD servers for a particular TLD (.gov), I'm
> calling that an operational issue.
>
> I have a workaround. I'm happy. But the folks running gov-servers.net
> *really* ought to have a discussion with their vendor.
I'm pleased to report that the fix for this problem was finally deployed,
as of yesterday. You should now find TC=1 in responses from the .gov name
servers when the glue won't fit:
$ dig +dnssec +bufsize=512 @a.gov-servers.net www.nsf.gov a
;; Truncated, retrying in TCP mode.
....
Duane W.
