[dns-operations] www.factorymoneystore.gov DNSSec Failures
Tony Finch
dot at dotat.at
Mon Jul 28 09:04:52 UTC 2014
Mark Andrews <marka at isc.org> wrote:
>
> [...]
> * responds with > 512 bytes to a EDNS at 512 byte TCP query
> (this requires finding a response that will be > 512 bytes)
> * add the OPT record to a truncated response
> (this requires finding a response that can be forced to truncate)
>
> The last two impact validators running behind firewalls that limit
> responses to 512 bytes.
The last one also provokes interop problems with BIND 9.10 even without a
firewall in the way.
Truncation seems to be Really Hard to get right :-(
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Rockall: Northwesterly, backing southwesterly for a time, 4 or 5, increasing 6
later in north. Slight or moderate, becoming rough or very rough in northwest.
Rain for a time. Good, occasionally poor.
More information about the dns-operations
mailing list