[163254] in North American Network Operators' Group


Re: ipp.gov and Google DNS (8.8.8.8)

daemon@ATHENA.MIT.EDU (Dale W. Carder)
Fri May 31 11:57:37 2013

Date: Fri, 31 May 2013 10:56:04 -0500
From: "Dale W. Carder" <dwcarder@wisc.edu>
To: Casey Deccio <casey@deccio.net>
In-reply-to: <CAEKtLiTQNUtY0G0G2Cds+of6uUUYpvbvRoQc7CSscDmcbRbwgg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Thus spake Casey Deccio (casey@deccio.net) on Thu, May 30, 2013 at 11:17:03AM -0700:
> On Thu, May 30, 2013 at 9:22 AM, Yunhong Gu <guu@google.com> wrote:
> > Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its
> > authoritative name servers. If there is anyone on this list who manages
> > ipp.gov DNS servers, please take a look. Our resolver IPs can be found at
> > https://developers.google.com/speed/public-dns/faq#locations.
> >
> >
> 
> I get a response for DNSKEY just fine*.  However, the payload of the
> response is 1279 bytes, and Google's resolvers set the maximum UDP
> receive payload to 1232, which results in the truncated response.
> Unfortunately, the ipp.gov servers don't respond over TCP, so the
> resolvers aren't able to retrieve ipp.gov/DNSKEY.
> 
> The problem here is that the ipp.gov servers aren't responding on
> TCP/53.  But out of curiosity, why a max payload size of 1232 for the
> Google resolvers?  

I would guess that it is to fit inside tunnels?  You will also see
smaller than usual MSS (ex: 1416) from some (all?) Google TCP services.

Dale
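
The failure discussed in this thread, as an added example that is not part of the original messages: a query advertising a 1232-byte EDNS0 UDP payload, a 1279-byte DNSKEY response, and the outcome with and without TCP/53. The server model, function names and the 4096-byte comparison value are assumptions constructed for illustration.

```python
import struct

DNSKEY, OPT, TC_BIT = 48, 41, 0x0200

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qtype, udp_payload, txid=0x1234):
    """Query with an EDNS0 OPT record advertising udp_payload, DO bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS carries the payload size, TTL carries flags (DO=0x8000)
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_payload, 0x8000, 0)
    return header + question + opt

def advertised_payload(query):
    """Payload size from the trailing 11-byte OPT RR of a query built above."""
    rtype, size = struct.unpack("!HH", query[-10:-6])
    return size if rtype == OPT else 512

def server_udp_reply(query, full_len):
    """Constructed server model: set TC when the full answer exceeds the limit."""
    txid = struct.unpack("!H", query[:2])[0]
    truncated = full_len > advertised_payload(query)
    flags = 0x8400 | (TC_BIT if truncated else 0)               # QR=1, AA=1
    return struct.pack("!HHHHHH", txid, flags, 1, 0 if truncated else 1, 0, 0)

def is_truncated(response):
    """True when the TC bit is set in a response header."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)

def resolve(name, udp_payload, full_len, tcp53_open):
    """Outcome a resolver sees: UDP answer, TCP retry, or failure."""
    reply = server_udp_reply(build_query(name, DNSKEY, udp_payload), full_len)
    if not is_truncated(reply):
        return "answered over UDP"
    return "answered over TCP" if tcp53_open else "SERVFAIL"

if __name__ == "__main__":
    # 1279-byte response and 1232-byte limit are the figures from the thread.
    print(resolve("ipp.gov", 1232, 1279, tcp53_open=False))  # the reported failure
    print(resolve("ipp.gov", 1232, 1279, tcp53_open=True))   # TCP/53 reachable
    print(resolve("ipp.gov", 4096, 1279, tcp53_open=False))  # larger limit (constructed)
```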

