[dns-operations] Dealing with the bizarre - grantee.fema.gov
Brian Somers
bsomers at opendns.com
Thu Jul 9 00:07:43 UTC 2020
On Jul 8, 2020, at 12:31 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> With even more verbose debugging, unbound-host reports a DNSKEY response
> size of 1842 bytes.
Interesting. I just see:
# dig +cd +norecurse +tries=1 +bufsize=2000 +dnssec dnskey grantee.fema.gov @216.81.81.101
; <<>> DiG 9.16.4 <<>> +cd +norecurse +tries +bufsize +dnssec dnskey grantee.fema.gov @216.81.81.101
;; global options: +cmd
;; connection timed out; no servers could be reached
Never a response when I give it a big enough bufsize…
I wonder what unbound is doing that dig isn’t.
Of course our resolvers only ask for bufsize=1410, get a
TC, ask over TCP and get a response with just the SOA,
which isn’t even a valid denial :(
—
Brian
More information about the dns-operations
mailing list