[Dnssec-deployment] The nameservers for .SOY and .FOO are broken.

Mark Andrews Thu, 24 Jul 2014 17:24:08 -0700

The TCP response is limited to the EDNS UDP buffer size resulting
in silent truncation of results (no tc=1).  This results in DNSSEC
validation failures.


Mark

% dig dnskey soy +bufsize=512 +dnssec @ns-tld1.charlestonroadregistry.com
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.11.0pre-alpha <<>> dnskey soy +bufsize=512 +dnssec 
@ns-tld1.charlestonroadregistry.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36829
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;soy.                           IN      DNSKEY

;; ANSWER SECTION:
soy.                    86400   IN      DNSKEY  256 3 8 
AwEAAdjqNieDCzVc23se2bdg6iJstpAFaGyXERjWXT27dxlmAP8zObs0 
a7qQK1JJxx7v8ote3JtmuKgaPCGDjKumCdVynI+Ysc1Nqxm/aDz1pe6c 
ykBr7taVhtbedoXczEFu0PWknZWN3TIrL6RCi75bqLGmzn8FHH7asXQJ wTQvgqWb
soy.                    86400   IN      DNSKEY  257 3 8 
AwEAAcWe+Yfs8YAAt8w1JaRXkN18rc9nlBMyLaDP0hhXcGZjjBSZk6Lj 
QB3mz68fCoL6NHWOztlrJFyOP4yiK+d2UHOC+GALgvbStv5T44jBelh9 
Hz70ja5t54ycpqduAUPzgMrixFKdxu3vnoU3HiqoebUPQfxTD62xDDW9 
NSrcoBZGG4vE6Ksma3ntwR9/dqE/sFmNvSM8hXRCsh1/ZuKw4noKluGq 
vvHPyLYVmVnXU7/vprD0dg6ui3uwkKmWPIC0DvPCDQ0697CXckuFSJWY 
5vJKWG8plZkVJ+tiJpfNTNZF9WhIUQg6Au8lqWX+NwmPHTwZLw5P72gW o5JkoLHuLoU=

;; Query time: 308 msec
;; SERVER: 2001:4860:4802:32::69#53(2001:4860:4802:32::69)
;; WHEN: Fri Jul 25 10:12:37 EST 2014
;; MSG SIZE  rcvd: 445

% 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742                  INTERNET: ma...@isc.org

[Dnssec-deployment] The nameservers for .SOY and .FOO are broken.

Reply via email to