Thus spake Casey Deccio (ca...@deccio.net) on Thu, May 30, 2013 at 11:17:03AM -0700:
> On Thu, May 30, 2013 at 9:22 AM, Yunhong Gu <g...@google.com> wrote:
> > Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its
> > authoritative name servers. If there is anyone on this list who manages
> > ipp.gov DNS servers, please take a look. Our resolver IPs can be found at
> > https://developers.google.com/speed/public-dns/faq#locations.
> >
>
> I get a response for DNSKEY just fine*. However, the payload of the
> response is 1279 bytes, and Google's resolvers set the maximum UDP
> receive payload to 1232, which results in the truncated response.
> Unfortunately, the ipp.gov servers don't respond over TCP, so the
> resolvers aren't able to retrieve ipp.gov/DNSKEY.
>
> The problem here is that the ipp.gov servers aren't responding on
> TCP/53. But out of curiosity, why a max payload size of 1232 for the
> Google resolvers?

I would guess that it is to fit inside tunnels? You will also see smaller than usual MSS (ex: 1416) from some (all?) google tcp services.

Dale
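
The failure described in this thread (a 1279-byte DNSKEY response against an advertised EDNS0 UDP payload size of 1232, with no answer on TCP/53) can be traced on the wire format. The following is an added example, not code from any poster in the thread; the function names are hypothetical and the query bytes are constructed locally, so nothing is sent on the network.

```python
import struct

DNSKEY, OPT = 48, 41  # RR type codes

def build_query(name, qtype, udp_size, qid=0x1234):
    """DNS query with an EDNS0 OPT record advertising udp_size, DO bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=flags (DO=0x8000), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0x8000, 0)
    return header + question + opt

def _skip_name(msg, off):
    """Return the offset just past an (optionally compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def advertised_udp_size(msg):
    """UDP payload size the sender will accept; 512 without EDNS0."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return max(rclass, 512)  # values below 512 are treated as 512
        off += 10 + rdlen
    return 512

def resolve_outcome(query, response_len, tcp53_answers):
    """What the resolver ends up with for a response of response_len bytes."""
    if response_len <= advertised_udp_size(query):
        return "answered over UDP"
    # Response does not fit: server sends TC=1 and the resolver retries on TCP/53.
    return "answered over TCP" if tcp53_answers else "timeout"

if __name__ == "__main__":
    q = build_query("ipp.gov", DNSKEY, 1232)  # constructed query, sizes from the thread
    print(advertised_udp_size(q), resolve_outcome(q, 1279, tcp53_answers=False))
```

A query advertising a larger payload size gets the same response over UDP, which is why the zone resolves for some clients and times out for others.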