On Wed, Dec 14, 2011 at 3:51 AM, babu dheen <babudh...@yahoo.co.in> wrote:

> In this case, do you think that internal users trying to send emails
> directly to internet?
>
> Email delivery is taken care by Email Gateway device, obviously, DKIM
> verification (if enabled) can only be done by Email gateway of my
> company... How does internal client make DKIM query which uses the TXT
> record in DNS ?
>
> Can you tell me list of URL which size exceed 514 bytes to verify whether
> my internal server truncate/return failure code when query such URL using
> UDP query?
>
>

Babu,

You are missing the point. DKIM records were only provided as an example of
responses that will exceed 512 bytes.  Any query might get such a response.
There is no way of knowing exactly how much data will be returned with
modern DNS servers, especially with DNSSEC. But, even a simple address
query might return over 512 bytes of data.

The removal of the 512 byte limit on DNS packets is well over a decade old
and dancing around it is a losing proposition. You must either fix your
firewall (the right solution) or set your servers to NOT set the EDNS flag
(a work-around that will probably continue to be fragile).
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to