nanog mailing list archives

Re: trouble with .gov dns?
From: "Wessels, Duane" <dwessels () verisign com>
Date: Fri, 12 Aug 2011 10:09:28 -0700

On May 3, 2011, at 7:54 AM, William Herrin wrote:

> On Tue, May 3, 2011 at 10:23 AM, David Conrad <drc () virtualized org> wrote:
>> This probably isn't the right venue for this discussion.
>
> Hi David,
>
> I'm going to go with Mark's answer: "nameservers that don't set TC
> [truncated bit] when they can't fit glue are broken RFC 1034." When
> that happens to be both TLD servers for a particular TLD (.gov), I'm
> calling that an operational issue.
>
> I have a workaround. I'm happy. But the folks running gov-servers.net
> *really* ought to have a discussion with their vendor.

I'm pleased to report that the fix for this problem was finally deployed,
as of yesterday.  You should now find TC=1 in responses from the .gov name
servers when the glue won't fit:

    $ dig +dnssec +bufsize=512 @a.gov-servers.net www.nsf.gov a
    ;; Truncated, retrying in TCP mode.

Duane W.
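
Added example, not part of the message above and not the .gov operators' code: a Python check that parses a UDP referral and flags the condition this thread is about, a delegation whose in-zone name servers have no address records in the additional section while TC is 0. The `zone.example` names and the messages from `build()` are constructed, and treating "no in-zone NS target has an A/AAAA record" as missing glue is this example's assumption.

```python
import struct

TC, NS, A, AAAA = 0x0200, 2, 1, 28        # header TC flag bit; RR type codes

def enc(name):                            # uncompressed wire form of a name
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def read_name(msg, off):                  # -> (name, offset just past it)
    labels, end = [], None
    for _ in range(128):                  # bound pointer chasing on hostile input
        n = msg[off]
        if (n & 0xC0) == 0xC0:            # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("pointer loop or over-long name")

def classify(msg):                        # -> 'truncated' | 'ok' | 'missing-glue-no-tc'
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    if flags & TC:
        return "truncated"                # resolver should retry over TCP
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    deleg, have = {}, set()
    for i in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == NS and an <= i < an + ns:
            deleg[read_name(msg, off)[0]] = owner      # NS target -> delegated zone
        elif rtype in (A, AAAA) and i >= an + ns:
            have.add(owner)                            # address record in additional section
        off += rdlen
    in_zone = {n for n, zone in deleg.items() if n.endswith("." + zone)}
    return "missing-glue-no-tc" if in_zone and not (in_zone & have) else "ok"

def build(flags, zone, ns_names, glue):   # constructed referral, not captured traffic
    rr = lambda owner, t, rd: enc(owner) + struct.pack("!HHIH", t, 1, 172800, len(rd)) + rd
    recs = [rr(zone, NS, enc(n)) for n in ns_names] + [rr(n, A, b"\xc0\x00\x02\x01") for n in glue]
    hdr = struct.pack("!6H", 0x1234, 0x8000 | flags, 1, 0, len(ns_names), len(glue))
    return hdr + enc("www." + zone) + struct.pack("!HH", A, 1) + b"".join(recs)

NS_NAMES = ["ns1.zone.example.", "ns2.zone.example."]  # constructed names
for flags, glue in [(0, NS_NAMES[:1]), (0, []), (TC, [])]:
    print(f"TC={flags >> 9} glue={len(glue)} ->", classify(build(flags, "zone.example.", NS_NAMES, glue)))
```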
