[dns-operations] DNSSEC and qmail
Chris Thompson
cet1 at cam.ac.uk
Thu Oct 8 13:33:09 UTC 2009
On Oct 8 2009, Tony Finch wrote:
>> roy$ dig +norec cam.ac.uk any
>>
>> ; <<>> DiG 9.4.3-P3 <<>> cam.ac.uk any
>[...]
>> ;; MSG SIZE rcvd: 451
>
>I get
>
>;; Truncated, retrying in TCP mode.
>
>; <<>> DiG 9.4.2-P2 <<>> +norec any cam.ac.uk.
>[ snip loads ]
>
>;; Query time: 5 msec
>;; SERVER: 127.0.0.1#53(127.0.0.1)
>;; WHEN: Thu Oct 8 11:51:14 2009
>;; MSG SIZE rcvd: 1315
As always with T_ANY, it depends entirely on what has got into your
nameserver's cache (unless it is authoritative for the name). Which
is why it's only fit to be a debugging tool in the first place.
I suspect that Roy's has dnssec-enable off (and has been collecting
data with do=0) while Tony's has it on (and has been using do=1).
Against a nameserver authoritative for it, "dig +norec cam.ac.uk any"
gives at least a 2095-byte response. (More if it happens to have
cached a few more IP addresses for its nameservers to add to the
additional section.)
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list