[dns-operations] peacecorps.gov: large NXDOMAIN replies and no TCP service

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Mon Aug 2 21:53:15 UTC 2021

Previous message (by thread): [dns-operations] peacecorps.gov: large NXDOMAIN replies and no TCP service
Next message (by thread): [dns-operations] Google (formerly also CF) public DNS sometimes forwards incomplete subset of NSEC RRs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It's not just a problem for NXDOMAIN.  Their DNSKEY response is over 
1250 bytes, so those who use a lower limit (e.g. 1232 recommended by 
dnsflagday.net/2020) will have no access to that subtree at all.

--Vladimir

Previous message (by thread): [dns-operations] peacecorps.gov: large NXDOMAIN replies and no TCP service
Next message (by thread): [dns-operations] Google (formerly also CF) public DNS sometimes forwards incomplete subset of NSEC RRs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list