[dns-operations] [Ext] Verisign TLDs, some other servers may trim critical glue from very large referrals

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jan 4 16:08:47 UTC 2019

> On Jan 4, 2019, at 9:43 AM, Edward Lewis <edward.lewis at icann.org> wrote:
> Another thing to fix is the receiving software...to know to ask for the glue when it isn't found.  But that isn't simple - you have to ask with DNSSEC off:

That looks like sound advice.  One might call that "glue sniffing",
where a signed glueless response with no TC is followed up by a
query with DO=0 to try and get some glue.

Separately, I agree that an EDNS buffer size of 512 seems unwise.
Though 1280 might be a tad too big, because it is the IPv6 MTU, not the
maximum payload size of a UDP datagram.  One needs to subtract the
IP and UDP header sizes.  My ad hoc estimate is 1280 - 64 = 1216.
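
The "glue sniffing" follow-up described in the message above, as an added Python example that is not part of the original post or of any resolver's code: it builds the DO=1 and DO=0 queries and decides from a wire-format referral whether the retry is warranted. The function names, the constructed example.com referral, and the tests for "signed" (an RRSIG in the authority section) and "in-zone" (NS target at or below the delegation point) are assumptions; 1216 is the post's ad hoc buffer-size estimate.

```python
import struct

def enc_name(name):  # uncompressed wire-format labels (non-root names only)
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\0"

def build_query(qname, do, qtype=1, bufsize=1216):
    """Non-recursive query with an EDNS0 OPT; DO is bit 0x8000 of the OPT TTL field."""
    opt = b"\0" + struct.pack("!HHIH", 41, bufsize, 0x8000 if do else 0, 0)
    return struct.pack("!6H", 0, 0, 1, 0, 0, 1) + enc_name(qname) + struct.pack("!HH", qtype, 1) + opt

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:                  # compression pointer
            end, hops = end or off + 2, hops + 1
            if hops > 32:                            # hostile or corrupt message
                raise ValueError("compression pointer loop")
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
            off += 1 + msg[off]
    return ".".join(labels + [""]) or ".", end or off + 1

def wants_glue_sniff(msg):
    """True for a signed, non-truncated referral with no glue for in-zone NS names."""
    _, flags, _, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = read_name(msg, 12)[1] + 4                  # skip the single question
    cut, targets, glued, signed = "", set(), set(), False
    for i in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if an <= i < an + ns and rtype == 2:         # NS in authority: the delegation
            cut = owner
            targets.add(read_name(msg, off + 10)[0])
        signed |= an <= i < an + ns and rtype == 46  # RRSIG in authority
        if i >= an + ns and rtype in (1, 28):        # A/AAAA in additional: glue
            glued.add(owner)
        off += 10 + rdlen
    need = {t for t in targets if ("." + t).endswith("." + cut)}
    return bool(not flags & 0x0200 and not an and signed and need and not need & glued)

def sample_referral(with_glue):  # constructed, not captured traffic; RRSIG rdata is zeroed
    rr = lambda o, t, d: enc_name(o) + struct.pack("!HHIH", t, 1, 3600, len(d)) + d
    auth = rr("example.com", 2, enc_name("ns1.example.com")) + rr("example.com", 46, bytes(40))
    glue = rr("ns1.example.com", 1, bytes([192, 0, 2, 53])) if with_glue else b""
    head = struct.pack("!6H", 0, 0x8000, 1, 0, 2, int(with_glue)) + enc_name("example.com")
    return head + struct.pack("!HH", 1, 1) + auth + glue
```

A resolver would send `build_query(name, do=False)` only when `wants_glue_sniff` returns True for the DO=1 response; a truncated response is retried over TCP instead.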


