<html><head></head><body style="zoom: 0%;"><div dir="auto">they will have to be troubled. perhaps we can notify them first. that config is not sustainable.<br><br></div>
<div dir="auto"><!-- tmjah_g_1299s -->Get <!-- tmjah_g_1299e --><a href="http://www.bluemail.me/r?b=15860"><!-- tmjah_g_1299s -->BlueMail for Android<!-- tmjah_g_1299e --></a><!-- tmjah_g_1299s --> <!-- tmjah_g_1299e --></div>
<div class="gmail_quote" >On 30 Apr 2020, at 23:38, Viktor Dukhovni <<a href="mailto:ietf-dane@dukhovni.org" target="_blank">ietf-dane@dukhovni.org</a>> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="blue">On Sun, Apr 19, 2020 at 12:39:24AM -0400, Viktor Dukhovni wrote:<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> The DANE survey unbound resolver is presently configured to advertise an<br> EDNS UDP buffer size of 1232 bytes (to avoid UDP fragmentation problems<br> over IPv6). With this buffer size (or indeed any buffer size below 1346<br> bytes) and the DO bit set to solicit DNSSEC signatures, queries for the<br> <a href="http://darpa.mil">darpa.mil</a> MX host TLSA records fail:<br></blockquote><br>FWIW, with <a href="http://ofda.gov">ofda.gov</a> even 1410 is not enough, EDNS buffer sizes less than<br>1555 (requiring working fragmentation) elicit a TC=1 response, but TCP<br>is not available.<br><br>Timeout:<br><br> dig +bufsize=1554 +dnssec +norecur @$ip -t tlsa _25._<a href="http://tcp.dc4vasmtp01.ofda.gov">tcp.dc4vasmtp01.ofda.gov</a><br><br>Success:<br><br> dig +bufsize=1555 +dnssec +norecur @$ip -t tlsa _25._<a href="http://tcp.dc4vasmtp01.ofda.gov">tcp.dc4vasmtp01.ofda.gov</a><br><br>--<br> Viktor.<br><hr><br>dns-operations mailing list<br>dns-operations@lists.dns-oarc.net<br><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br></pre></blockquote></div></body></html>