[dns-operations] For darpa.mil, EDNS buffer == 1232 is *too small*. :-(
paul at redbarn.org
Fri May 1 07:02:21 UTC 2020
they will have to be troubled. perhaps we can notify them first. that config is not sustainable.
On 30 Apr 2020, 23:38, at 23:38, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>On Sun, Apr 19, 2020 at 12:39:24AM -0400, Viktor Dukhovni wrote:
>> The DANE survey unbound resolver is presently configured to advertise
>> EDNS UDP buffer size of 1232 bytes (to avoid UDP fragmentation
>> over IPv6). With this buffer size (or indeed any buffer size below
>> bytes) and the DO bit set to solicit DNSSEC signatures, queries for
>> darpa.mil MX host TLSA records fail:
>FWIW, with ofda.gov even 1410 is not enough, EDNS buffer sizes less than
>1555 (requiring working fragmentation) elicit a TC=1 response, but TCP
>is not available.
>dig +bufsize=1554 +dnssec +norecur @$ip -t tlsa
>dig +bufsize=1555 +dnssec +norecur @$ip -t tlsa
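Added example, not part of the original messages: a Python sketch of the mechanism the thread describes, showing where the advertised EDNS UDP buffer size and the DO bit sit in a query, and how a TC=1 response with no reachable TCP service leaves the lookup with no path to an answer. The function names, the `_25._tcp.mx.example.org` query name and the two response headers are constructed for illustration.

```python
import struct

TC, DO, OPT, TLSA = 0x0200, 0x8000, 41, 52  # header TC flag, EDNS DO flag, RR types

def build_query(qname, qtype, bufsize, do=True, qid=0x1234):
    """Encode a +norecur query carrying an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # RD=0, 1 question, 1 additional
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    question = name + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL carries the DO flag
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, DO if do else 0, 0)
    return header + question + opt

def advertised_edns(query):
    """Read back (bufsize, do) from a single-question query such as the one above."""
    pos = 12
    while query[pos]:              # walk the QNAME labels
        pos += 1 + query[pos]
    pos += 1 + 4                   # root label, QTYPE, QCLASS
    rtype, size, ttl, _ = struct.unpack("!HHIH", query[pos + 1:pos + 11])
    if rtype != OPT:
        raise ValueError("no OPT record after the question")
    return size, bool(ttl & DO)

def outcome(response, tcp_reachable):
    """Classify a UDP response by its TC flag and whether TCP fallback is possible."""
    _, flags = struct.unpack("!HH", response[:4])
    if not flags & TC:
        return "answered over UDP"
    return "retry over TCP" if tcp_reachable else "lookup fails"

# Constructed 12-byte response headers: QR|AA|TC set, and QR|AA only.
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8600, 1, 0, 0, 0)
COMPLETE = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)

if __name__ == "__main__":
    q = build_query("_25._tcp.mx.example.org", TLSA, 1232)
    print(advertised_edns(q), outcome(TRUNCATED, tcp_reachable=False))
```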