[dns-operations] NS1 nameservers response size
Manabu Sonoda
manabu-s at iij.ad.jp
Fri May 24 11:55:21 UTC 2019
Hello Jan,
We failed to resolve this name. Because our full resolvers are set buffer size 1220 byte and drop UDP fragment packet for protect from fragment attack. (see: draft-fujiwara-dnsop-fragment-attack-01)
Now we resolve this name by tcp only. It is fine.
-- Manabu Sonoda <manabu-s at iij.ad.jp> Internet Initiative Japan Inc.
On 2019/05/24 20:10 Jan Včelák <jv at fcelda.cz> wrote:
Hello,
I can confirm we do not respect the buffer size. We are aware of this deficiency but it also doesn't have high priority at the moment.
Have you encountered a situation where it has been causing trouble for a real application? Or is this an accidental discovery?
Jan (NS1)
Dne pá 24. 5. 2019 12:19 uživatel Manabu Sonoda <
manabu-s at iij.ad.jp > napsal:
Are NS1not implement edns0 buffer size ?
Do they plan to implement it ?
( Close eyes bad rdata....)
dig @
dns2.p07.nsone.net
globalsign.com txt +bufsize=512
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @
dns2.p07.nsone.net
globalsign.com txt +bufsize=512
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11262
;; flags: qr aa rd; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;
globalsign.com . IN TXT
;; ANSWER SECTION:
globalsign.com . 300 IN TXT "MS=ms71622826"
globalsign.com . 300 IN TXT "aoLxrQBK4FSoQsQVxk8Oh0QqDIiILef/m6EwZTmpg1M="
globalsign.com . 300 IN TXT "cH2cwv2lMzoxbrhQDsfB7LDv/Jsu2TDDZSQznoA/H1rtSih8CLKju0RZrRDahPyMLM4ZYA8sGijs561ll2AZPw=="
globalsign.com . 300 IN TXT "eBPD7w6DE9vYNPwczqepRahUkUAkBw5qxW7qsAOd+ig="
globalsign.com . 300 IN TXT "google-site-verification=gtfgX6oja-rl-TcVUtRidcodGC-4xwiVrFdhz2Njuo0"
globalsign.com . 300 IN TXT "pardot_341121_*=1f62b656fc75f01e2dbf46962f3df567f9435270c2ac313c6587c4bbef258d0f"
globalsign.com . 300 IN TXT "v=DKIM1\;k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1vhugV30ayqwRy2mu+m6QyxvdVtHee/ChrUqtrPflazjf3LfuGryocUGTZ66DsHZeTpjqdcRRXms1+xpVsqqeiXipw4jNPwx9VpyIyg0suI/2QYsIjKyj0OFYWe22Ilgp/zjXXJUxJ4fTqT5ae0cAX5u3GNsj6dA8u9n3atIlIwIDAQAB"
globalsign.com . 300 IN TXT "v=DKIM1\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzTQa7JyCBCGKvGz3/6F2vf5dXWZKOD4y56gizEWfUITZ/OvV4VYxCUAAD6JicyyPg+SjweyBcRNBVb+oaZ4NiCvCu2Pci5UIOZZwZn45XRFTpLnj/bTJE5elcmXvf2LytUQlGcM4N9qjzGlb4qdohLghBvRaQ+YpXK+Nrg6UokQIDAQAB"
globalsign.com . 300 IN TXT "v=DKIM1\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL/t1pilYMRJcrBcyXuRdNmdpN1fnF0cC6eI34BAw7w8YW1cwH14MjbhtX6QrWhrpGFGDZOzEv3BSA8MXWNMxInJtppacMoSB2ZCRwWe4d0Hk0uklh5g5iydksSAwf+GK8YJEj9UPDJx6/y7zQytjWee9s4n2ABSGpDCMMdJkFBQIDAQAB"
globalsign.com . 300 IN TXT "v=DMARC1\;p=reject\;rua=mailto:
dmarc at globalsign.com "
globalsign.com . 300 IN TXT "v=spf1 ip4:
114.179.250.0/30 ip4:
211.123.204.251/32 ip4:
27.121.42.215/32 ip4:
211.11.149.164/32 include:
spf.protection.outlook.com include:_
spf.salesforce.com include:
spf-bma.mpme.jp include:_
spf.act-on.net include:es._
spf.adp.com -all"
globalsign.com . 300 IN TXT "yandex-verification:e54a3279b05955ba"
;; Query time: 3 msec
;; SERVER: 198.51.45.7#53(198.51.45.7)
;; WHEN: Fri May 24 18:48:31 2019
;; MSG SIZE rcvd: 1551
--
Manabu Sonoda <
manabu-s at iij.ad.jp >
Internet Initiative Japan Inc.
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190524/397631a4/attachment.html>
More information about the dns-operations
mailing list