Re: dnssec question. confused.

2011-09-29 Thread Joseph Karpenko
> From: michoski > To: Steve Arntzen , bind-users@lists.isc.org > Subject: Re: dnssec question. confused. > > On 9/28/11 5:32 AM, "Steve Arntzen" wrote: >> Is your firewall Cisco based? >> >> There is a known "default" setting in Cisco with res

RE: dnssec question. confused.

2011-09-28 Thread Brad Bendily
> On 9/28/11 5:32 AM, "Steve Arntzen" wrote: > > Is your firewall Cisco based? Yes. The firewall is Cisco based. However, the main problem there is, there are several firewalls before leaving our network and my dept doesn't manage all of them. > > There is a known "default" setting in Cisco wi

Re: dnssec question. confused.

2011-09-28 Thread michoski
On 9/28/11 5:32 AM, "Steve Arntzen" wrote: > Is your firewall Cisco based? > > There is a known "default" setting in Cisco with respect to packet size > for DNS. Our network guys run into this anytime they do an upgrade, > etc. and have to go in and update the setting. This bit me the first tim

Re: dnssec question. confused.

2011-09-28 Thread Steve Arntzen
Is your firewall Cisco based? There is a known "default" setting in Cisco with respect to packet size for DNS. Our network guys run into this anytime they do an upgrade, etc. and have to go in and update the setting. Steve. On Tue, 2011-09-27 at 15:45 -0500, Brad Bendily wrote: > When trying

RE: dnssec question. confused.

2011-09-27 Thread Marc Lampo
11 10:45 PM To: bind-users@lists.isc.org Subject: dnssec question. confused. When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get: rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.

Re: dnssec question. confused.

2011-09-27 Thread Mark Andrews
In message <798e3caf2fcc264481d8f75fb3d0bfd91b538...@mailmbx10.mail.la.gov>, Br ad Bendily writes: > > When trying the DNSSEC check command from: > https://www.dns-oarc.net/oarc/services/replysizetest > > behind our corporate firewall, I get: > rst.x476.rs.dns-oarc.net. > rst.x485.x476.rs.dns-oa

Re: dnssec question. confused.

2011-09-27 Thread Doug Barton
On 09/27/2011 13:45, Brad Bendily wrote: > dig +dnssec eeoc.gov Try that again with +notcp. FYI, on a "clean" network the response I get to that query is 3,918 bytes. hth, Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadt

dnssec question. confused.

2011-09-27 Thread Brad Bendily
When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get: rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. "Tested at 2011-09-27 20:32:34 UTC" "205.172.49.177 sent EDNS buffer s