The permanent fix of for PowerDNS to follow the DNS protocol and make the query over TCP.
They have a choice of solutions. Just make a TCP query and make a second TCP query for the XFR. Make a TCP query and then the XFR if required over the same TCP connection. -- Mark Andrews > On 19 Nov 2022, at 00:33, Andy Smith <a...@strugglers.net> wrote: > > Hi Bob, > >> On Fri, Nov 18, 2022 at 07:20:22AM -0500, Bob McDonald wrote: >> The size of the TCP packets is a problem. You might also look at >> minimal-responses. > > The issue seems to be that an SOA query response for this DNSSEC-signed > zone is 2293 bytes, and PowerDNS can not yet retry that SOA query over > TCP. > > After setting minimal-responses that SOA query is only 685 bytes, so > thanks, that will give me some time to think about what I'm going to do > as a more permanent fix. > > Thanks, > Andy > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
