On Wed, Dec 14, 2011 at 3:51 AM, babu dheen <babudh...@yahoo.co.in> wrote:
> In this case, do you think that internal users trying to send emails
> directly to internet?
>
> Email delivery is taken care by Email Gateway device, obviously, DKIM
> verification (if enabled) can only be done by Email gateway of my
> company... How does internal client make DKIM query which uses the TXT
> record in DNS?
>
> Can you tell me list of URL which size exceed 514 bytes to verify whether
> my internal server truncate/return failure code when query such URL using
> UDP query?

Babu,

You are missing the point. DKIM records were only provided as an example of responses that will exceed 512 bytes. Any query might get such a response. There is no way of knowing exactly how much data will be returned with modern DNS servers, especially with DNSSEC. But, even a simple address query might return over 512 bytes of data.

The removal of the 512 byte limit on DNS packets is well over a decade old and dancing around it is a losing proposition. You must either fix your firewall (the right solution) or set your servers to NOT set the EDNS flag (a work-around that will probably continue to be fragile).

--
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
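
The two outcomes discussed in the reply above (an EDNS query whose large UDP answer never arrives, and a non-EDNS query that gets a truncated answer to retry over TCP), as an added Python example that is not part of the original message. The function names, the `example.com` query name and the sample replies are constructed for illustration.

```python
import struct

OPT = 41  # EDNS0 pseudo-record type (RFC 6891)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=16, edns_size=None, txid=0x1234):
    """DNS query for name (qtype 16 = TXT); edns_size appends an OPT record."""
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner name, TYPE 41, CLASS carries the UDP size we accept,
        # TTL (extended flags) 0, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def advertised_size(query):
    """UDP payload size the query advertises; 512 when it carries no OPT record."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos]:            # skip the uncompressed QNAME labels
        pos += 1 + query[pos]
    pos += 1 + 4                 # root label, QTYPE, QCLASS
    if arcount and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT:
            return rclass
    return 512

def diagnose(query, reply):
    """Classify one UDP exchange; reply is None when the query timed out."""
    size = advertised_size(query)
    if reply is None:
        if size > 512:
            return "timeout: EDNS reply possibly dropped in transit"
        return "timeout"
    if struct.unpack("!H", reply[2:4])[0] & 0x0200:   # TC (truncated) bit
        return "truncated: retry over TCP"
    return "large reply delivered" if len(reply) > 512 else "ok"

def fake_reply(flags, length, txid=0x1234):
    """Constructed sample reply: a real 12-byte header padded with filler bytes."""
    return struct.pack("!6H", txid, flags, 1, 1, 0, 0).ljust(length, b"\x00")
```

To test a real path, send the bytes from `build_query` to the resolver over UDP port 53 and pass the received datagram, or `None` on timeout, to `diagnose`.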