On Mon, May 2, 2011 at 1:13 PM, Florian Weimer <[email protected]> wrote: > * William Herrin: >> Anyone else having trouble with .gov DNS failing with edns-udp-size >> set to 512? > > You need an UDP size of at least 1220 for DNSSEC, see RFC 3226, > section 3. A query that advertises a smaller buffer size is > non-compliant. BIND will send such queries, but this is a > controversial feature.
Hi Florian, I have "dnssec-enable no;" in my bind config. Were you able to determine from the tcpdump output that DNSSEC was being requested? How? Thanks, Bill Herrin -- William D. Herrin ................ [email protected] [email protected] 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
