nanog mailing list archives

Re: trouble with .gov dns?


From: William Herrin <bill () herrin us>
Date: Mon, 2 May 2011 13:23:19 -0400

On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <fw () deneb enyo de> wrote:
> * William Herrin:
>> Anyone else having trouble with .gov DNS failing with edns-udp-size
>> set to 512?
>
> You need a UDP size of at least 1220 for DNSSEC, see RFC 3226,
> section 3.  A query that advertises a smaller buffer size is
> non-compliant.  BIND will send such queries, but this is a
> controversial feature.

Hi Florian,

I have "dnssec-enable no;" in my bind config. Were you able to
determine from the tcpdump output that DNSSEC was being requested?
How?

Thanks,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
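
Added example, not part of the original thread: in a captured query, both the advertised UDP buffer size and the DNSSEC OK (DO) bit live in the EDNS OPT pseudo-record (type 41), where CLASS carries the buffer size and the DO bit is 0x8000 in the flags half of the TTL field (RFC 3225, RFC 6891). The function names and the example.gov query bytes below are constructed for illustration.

```python
import struct

RFC3226_MIN_UDP = 1220  # minimum buffer size cited in the thread (RFC 3226, section 3)

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def edns_info(msg):
    """Return (udp_size, do_bit) from the OPT record, or None if the message has no EDNS."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):             # each question: name, type, class
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):   # walk every resource record
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:             # OPT: CLASS = UDP size, TTL low 16 bits = flags
            return rclass, bool(ttl & 0x8000)
    return None

def describe(msg):
    info = edns_info(msg)
    if info is None:
        return "no EDNS, DNSSEC not requested"
    size, do = info
    if do and size < RFC3226_MIN_UDP:
        return f"DO=1 but udp size {size} is below {RFC3226_MIN_UDP}"
    return f"DO={int(do)}, udp size {size}"

def build_query(name, udp_size=None, do=False):
    """Constructed sample input: an A query, optionally carrying an OPT record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0 if udp_size is None else 1)
    msg += qname + struct.pack("!HH", 1, 1)
    if udp_size is not None:        # root name, type 41, size, flags, empty RDATA
        msg += b"\0" + struct.pack("!HHIH", 41, udp_size, 0x8000 if do else 0, 0)
    return msg

if __name__ == "__main__":
    for q in (build_query("example.gov", 512, True), build_query("example.gov", 4096, True),
              build_query("example.gov", 512, False), build_query("example.gov")):
        print(describe(q))
```

To use it on real traffic, pass the DNS payload bytes of a captured UDP packet (everything after the UDP header) to `describe`.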

