In article <mailman.1238.1271957025.21153.bind-us...@lists.isc.org>, Paul Wouters <p...@xelerance.com> wrote:
> On Thu, 22 Apr 2010, Chris Thompson wrote: > > >> I have the same problems with our validating unbound instance. > > > > I suspect that this has to do with > > > > dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov. > > dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov. > > > > failing with timeouts, while dig +dnssec +norec +vc dnskey uspto.gov > > @dns1.uspto.gov. > > dig +dnssec +norec +vc dnskey uspto.gov @dns2.uspto.gov. > > > > work fine ... with a 1736-byte answer. Probably the fragmented > > UDP response is getting lost somewhere near the authoritative > > servers themselves. > > But wouldn't it fall back to TCP then? TCP fallback occurs when the server sets the Truncate flag in the response, because it can't fit the answer in the datagram. But if the response is lost because something is blocking part of it, that just looks like a timeout. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
