On Wed, May 5, 2010 at 11:53 AM, Warren Kumari <war...@kumari.net> wrote:
> > On May 4, 2010, at 11:01 AM, Linux Addict wrote: > > On Tue, May 4, 2010 at 10:43 AM, Stephane Bortzmeyer <bortzme...@nic.fr>wrote: > >> On Tue, May 04, 2010 at 10:27:25AM -0400, >> Linux Addict <linuxaddi...@gmail.com> wrote >> a message of 89 lines which said: >> >> > lacks EDNS, defaults to 512" >> > DNS reply size limit is at least 490" >> > "Tested at 2010-05-04 14:21:02 UTC" >> >> You edited the responses (which includes an IP address). Is it the IP >> address of your resolver? There is may be a forwarder which does not >> have EDNS. >> >> Second possibility, a middlebox mangles your packets and deletes EDNS >> options. >> >> > Actually that IP was our external NAT. One information I neglected to > mention is bind forwards to a tinydns appliance which of course does not > support DNSSEC for obvious reasons. > > So what are my options now? Will the internet work for me tomorrow? > At least I have company in Google.. > > dig +short rs.dns-oarc.net txt @8.8.8.8 > rst.x476.rs.dns-oarc.net. > rst.x485.x476.rs.dns-oarc.net. > rst.x490.x485.x476.rs.dns-oarc.net. > "64.233.168.94 DNS reply size limit is at least 490" > "64.233.168.94 lacks EDNS, defaults to 512" > "Tested at 2010-05-04 15:00:07 UTC" > > > > > Actually, we do support EDNS0, but usually only advertise larger buffers > if needed. > > For example, if you retry this with +dnssec you should get: > > wkum...@colon:/$ dig +dnssec +short rs.dns-oarc.net txt @8.8.8.8 > rst.x1247.rs.dns-oarc.net. > rst.x1257.x1247.rs.dns-oarc.net. > rst.x1228.x1257.x1247.rs.dns-oarc.net. > "74.125.44.94 DNS reply size limit is at least 1257" > "74.125.44.94 sent EDNS buffer size 1280" > "Tested at 2010-05-05 15:51:16 UTC" > wkum...@colon:/$ > > > W > > thanks for the clarification, I learned that after sometime.
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
