So is the answer here just, "Use TCP"? Like for DNSSEC records?
On Fri, Jun 21, 2013 at 1:47 PM, Andrew Sullivan <[email protected]> wrote:

> On Fri, Jun 21, 2013 at 04:34:10PM +0000, Viktor Dukhovni wrote:
> >
> > Fairly confident, I've tested two different platforms at two
> > different sites. I'll send you the domain off list, please verify
> > for yourself. [ I don't want to publish the domain without the owner's
> > permission. ]
>
> Thanks. I tried this.
>
> If I use -b up to about 2300, I get back a truncated answer (so I'd
> retry over TCP). If I go above that, however, it hangs. This makes
> sense; I'm pretty sure my network is going to fragment at that point,
> and lots of people don't reassemble UDP fragments.
>
> So I think the problem here is that you can't effectively query such a
> large answer in most networks over UDP, because the EDNS0 buffer size
> you'd need for the answer to fit is too large for most networks. I'm
> not sure that's evidence that the particular use is bad.
>
> Best,
>
> A
>
> --
> Andrew Sullivan
> [email protected]
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
>
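Added example, not part of the original messages: a Python sketch of the two cases discussed in the thread, a truncated UDP answer (TC bit set) and a UDP query that hangs, both ending in a retry over TCP. The query name, the record type 52, the 4096-byte buffer size and the sample replies are constructed, and treating a timeout as lost fragments is an assumption.

```python
import struct

TC, QR, RD = 0x0200, 0x8000, 0x0100   # DNS header flag bits (RFC 1035)
OPT = 41                              # EDNS0 pseudo-RR type (RFC 6891)

def build_query(qname, qtype, udp_size, dnssec_ok=True, txid=0x1234):
    """Build a query whose OPT record advertises udp_size as the EDNS0 buffer size."""
    # Header: id, flags (RD), 1 question, 0 answers, 0 authority, 1 additional (OPT)
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 1)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)   # class IN
    # OPT RR: root name, TYPE, CLASS = UDP payload size, TTL = flags (DO bit), RDLEN 0
    ttl = 0x8000 if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)
    return header + question + opt

def is_truncated(response):
    """True when the TC bit is set, i.e. the answer did not fit the buffer size."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC)

def next_transport(udp_response):
    """udp_response is the UDP reply bytes, or None if the query timed out."""
    if udp_response is None:
        # Assumption: a hang with a large buffer size means fragments were dropped.
        return "tcp"
    return "tcp" if is_truncated(udp_response) else "done"

def tcp_frame(message):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(message)) + message

# Constructed samples: a query and two header-only replies.
QUERY = build_query("example.com", 52, 4096)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, QR | TC | RD, 1, 0, 0, 0)
COMPLETE_REPLY = struct.pack("!HHHHHH", 0x1234, QR | RD, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, reply in [("truncated", TRUNCATED_REPLY),
                         ("timeout", None),
                         ("complete", COMPLETE_REPLY)]:
        print(label, "->", next_transport(reply))
```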
