nanog mailing list archives

Re: ipp.gov and Google DNS (8.8.8.8)


From: Casey Deccio <casey () deccio net>
Date: Thu, 30 May 2013 11:17:03 -0700

On Thu, May 30, 2013 at 9:22 AM, Yunhong Gu <guu () google com> wrote:
> Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its
> authoritative name servers. If there is anyone on this list who manages
> ipp.gov DNS servers, please take a look. Our resolver IPs can be found at
> https://developers.google.com/speed/public-dns/faq#locations.

I get a response for DNSKEY just fine*.  However, the payload of the
response is 1279 bytes, and Google's resolvers set the maximum UDP
receive payload to 1232, which results in the truncated response.
Unfortunately, the ipp.gov servers don't respond over TCP, so the
resolvers aren't able to retrieve ipp.gov/DNSKEY.

The problem here is that the ipp.gov servers aren't responding on
TCP/53.  But out of curiosity, why a max payload size of 1232 for the
Google resolvers?  It seems like that would result in a lot more TCP
transactions (and overhead) for queries to signed zones.

Casey

* Although, that's only if the DO bit is set; interestingly, if I
don't set the DO bit, the response times out.
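The mechanism Casey describes, modelled end to end as an added example (not code from the thread or from Google or ipp.gov): the resolver advertises an EDNS UDP payload size of 1232 with DO set, the authoritative server's DNSKEY answer is larger than that (1279 bytes), so over UDP the server must set the TC bit, and the resolver then retries over TCP. If TCP/53 never answers, the lookup fails. The wire encoding of the query, the OPT record and the TCP length framing follow RFC 1035 and RFC 6891; the 1279-byte answer is constructed with filler key material, and `MockAuthoritative` is a hypothetical stand-in for the servers (it does not model the DO-bit timeout oddity from the footnote).

```python
"""EDNS payload size, TC truncation and TCP fallback, modelled offline (added example)."""
import struct

TYPE_DNSKEY = 48
TYPE_OPT = 41
CLASS_IN = 1
FLAG_QR = 0x8000
FLAG_AA = 0x0400
FLAG_TC = 0x0200        # "truncated" bit in the header flags word (RFC 1035 4.1.1)
FLAG_RD = 0x0100
EDNS_DO = 0x8000        # DNSSEC OK bit in the OPT RR's TTL field (RFC 6891 6.1.4)
DEFAULT_UDP_SIZE = 512  # assumed by a server when the query carries no OPT RR


def encode_name(name):
    """Encode "ipp.gov" as length-prefixed labels ending with the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(struct.pack("!B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def build_query(qname, qtype, udp_payload_size=None, do=False, txid=0x1234):
    """A recursive query for qname/qtype, with an OPT RR when an EDNS size is given."""
    arcount = 1 if udp_payload_size is not None else 0
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    opt = b""
    if udp_payload_size is not None:
        # OPT RR: root name, type 41, CLASS carries the UDP payload size,
        # TTL carries ext-rcode/version/flags (DO is the top flag bit), empty RDATA.
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, EDNS_DO if do else 0, 0)
    return header + question + opt


def parse_edns(msg):
    """Return (udp_payload_size, do_bit) from the OPT RR, or (512, False) without one."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4
    for _ in range(ancount + nscount + arcount):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass, bool(ttl & EDNS_DO)
        off += 10 + rdlen
    return DEFAULT_UDP_SIZE, False


def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def truncate_for_udp(response, max_payload):
    """Server side: a reply that exceeds the client's limit goes out as just the
    question section with TC=1, telling the client to retry over TCP."""
    if len(response) <= max_payload:
        return response
    txid, flags, qdcount = struct.unpack("!HHH", response[:6])
    off = 12
    for _ in range(qdcount):
        off = skip_name(response, off) + 4
    return struct.pack("!HHHHHH", txid, flags | FLAG_TC, qdcount, 0, 0, 0) + response[12:off]


def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def build_fake_dnskey_response(query, total_len):
    """Constructed DNSKEY answer: a KSK and a ZSK with filler key bytes, padded so the
    whole message is exactly total_len bytes (1279 in the thread)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:skip_name(query, 12) + 4]
    key_total = total_len - 12 - len(question) - 2 * 16   # 16 = name ptr + RR fixed + key hdr
    assert key_total > 0
    rrs = b""
    for flags, keylen in ((257, key_total // 2), (256, key_total - key_total // 2)):
        key = bytes((i * 7) & 0xFF for i in range(keylen))   # filler, not real key material
        rdata = struct.pack("!HBB", flags, 3, 8) + key       # flags, protocol 3, algorithm 8
        rrs += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_DNSKEY, CLASS_IN, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_AA | FLAG_RD, 1, 2, 0, 0) + question + rrs


class MockAuthoritative:
    """Hypothetical stand-in for the zone's servers: honours the client's EDNS size
    over UDP and either answers on TCP or, like the servers in the thread, never does."""
    def __init__(self, full_response, tcp_enabled):
        self.full_response, self.tcp_enabled = full_response, tcp_enabled

    def udp(self, query):
        size, _do = parse_edns(query)
        return truncate_for_udp(self.full_response, size)

    def tcp(self, framed_query):
        return tcp_frame(self.full_response) if self.tcp_enabled else None   # None = timeout


def resolve_with_fallback(query, udp_send, tcp_send):
    """Resolver side: try UDP; on TC=1 retry over TCP; return the answer or None."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return reply
    framed = tcp_send(tcp_frame(query))
    if framed is None:
        return None
    return framed[2:2 + struct.unpack("!H", framed[:2])[0]]


if __name__ == "__main__":
    q = build_query("ipp.gov", TYPE_DNSKEY, udp_payload_size=1232, do=True)
    full = build_fake_dnskey_response(q, 1279)
    dead_tcp = MockAuthoritative(full, tcp_enabled=False)
    print("UDP reply truncated:", is_truncated(dead_tcp.udp(q)))
    print("answer with TCP/53 dead:", resolve_with_fallback(q, dead_tcp.udp, dead_tcp.tcp))
    live_tcp = MockAuthoritative(full, tcp_enabled=True)
    print("answer with TCP/53 up:", len(resolve_with_fallback(q, live_tcp.udp, live_tcp.tcp)), "bytes")
```

Raising the advertised size (say to 4096) makes the same 1279-byte answer fit in one UDP datagram, which is the trade-off behind Casey's question: a 1232-byte limit avoids IP fragmentation but pushes every larger DNSSEC answer onto TCP, and a zone whose servers drop TCP/53 then becomes unresolvable for that resolver.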

