On Mon, 08 Mar 2010, George Barwood wrote: > It's interesting to note that currently > > dig any . @a.root-servers.net +dnssec > > truncates, leading to TCP fallback > > but > > dig any . @l.root-servers.net +dnssec > > does not truncate ( response size is 1906 bytes ).
a.root-servers.net's six anycast instances currently all run BIND 9 configured with "max-udp-size 1472" to avoid sending responses larger than the Ethernet MTU. This was a conscious conservative choice and the infrastructure is capable of handling the resulting increased TCP load. It's worth noting that common queries with +DO for types at the root node produce smaller results that do not result in +TC truncation: ./IN/NS is 801 bytes and ./IN/DNSKEY is 736 bytes. ./IN/ANY is a diagnostic outlier. Matt _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
