In message <[email protected]>, Florian Weimer writes: > * William Herrin: > > > Anyone else having trouble with .gov DNS failing with edns-udp-size > > set to 512? > > You need an UDP size of at least 1220 for DNSSEC, see RFC 3226, > section 3. A query that advertises a smaller buffer size is > non-compliant. BIND will send such queries, but this is a > controversial feature. > > This has been noted before, for example: > > From: Mark Andrews <[email protected]> > Subject: [dnsext] Failure to add glue MUST cause TC to be set. > To: [email protected] > Date: Sun, 20 Feb 2011 08:07:15 +1100 > Message-Id: <[email protected]>
And nameservers that don't set TC when they can't fit glue are broken RFC 1034. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected]
