 
nanog mailing list archives
Re: trouble with .gov dns?
From: William Herrin <bill () herrin us>
Date: Mon, 2 May 2011 13:46:59 -0400
On Mon, May 2, 2011 at 1:31 PM, Florian Weimer <fw () deneb enyo de> wrote:
> * William Herrin:
>> On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <fw () deneb enyo de> wrote:
>>> * William Herrin:
>>>> Anyone else having trouble with .gov DNS failing with edns-udp-size set to 512?
>>> You need an UDP size of at least 1220 for DNSSEC, see RFC 3226, section 3. A query that advertises a smaller buffer size is non-compliant. BIND will send such queries, but this is a controversial feature.
>> I have "dnssec-enable no;" in my bind config.
> It does not seem to have the intended effect.
Hmm. You're right. Bind won't disable DNSSEC unless you turn edns off
completely with:
server 0.0.0.0/0 {
  edns no;
};
Thanks for the info!
Regards,
Bill Herrin
-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
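
An added example, not part of the original message or of BIND: a small parser that reads the EDNS OPT record of a DNS query and flags the case discussed in the thread, a DNSSEC-requesting query (DO bit, RFC 3225) that advertises less than the 1220 bytes RFC 3226 section 3 requires. The function names and the sample queries are constructed for illustration.

```python
import struct

RFC3226_MIN_UDP = 1220  # RFC 3226 section 3 minimum for DNSSEC-aware queries
OPT = 41                # EDNS0 OPT pseudo-RR type

def build_query(name, udp_size=None, do=False):
    """Constructed sample: A query for name; udp_size=None means no EDNS."""
    labels = [l.encode() for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    arcount = 0 if udp_size is None else 1
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    msg += qname + struct.pack("!HH", 1, 1)
    if udp_size is not None:
        # OPT: root owner, CLASS carries the UDP size, DO is bit 15 of the flags
        msg += b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0x8000 if do else 0, 0)
    return msg

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (advertised_udp_size, do_bit), or None when there is no OPT record."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass, bool(ttl & 0x8000)
        off += 10 + rdlen
    return None

def classify(msg):
    info = edns_info(msg)
    if info is None:
        return "no-edns"          # what a resolver sends with "edns no;"
    size, do = info
    if do and size < RFC3226_MIN_UDP:
        return "non-compliant"    # DNSSEC requested, buffer too small
    return "dnssec-ok" if do else "edns-no-do"
```

Feeding `classify` the UDP payload of queries captured leaving a resolver shows which of the configurations discussed in the thread is actually in effect on the wire.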


