Hi Roberto,
You are correct in that the DNS Flag day tester at https://dnsflagday.net/
is reporting the closed TCP port as a serious problem. Given that the TCP
port is closed, obviously the EDNS test over TCP fails too and the error
given by the site would be something like: edns512tcp=timeout
On 2/4/19 9:47 AM, Alan Clegg wrote:
> On 2/4/19 7:03 AM, @lbutlr wrote:
>
>> # nsupdate -d -v -l example.com
>> Creating key...
>> namefromtext
>> keycreate
>> incorrect section name: $ORIGIN
>
> I'd recommend that you use nsupdate in interactive mode first.
The point of this which I had
On 2/4/19 7:03 AM, @lbutlr wrote:
> # nsupdate -d -v -l example.com
> Creating key...
> namefromtext
> keycreate
> incorrect section name: $ORIGIN
I'd recommend that you use nsupdate in interactive mode first.
--SNIP--
root@svlg-gateway:/etc/namedb# nsupdate -l
> update add funnyrecord.boat
rfc6891 states that it uses TCP to avoid truncated UDP responses. It is all
about packet size,fragmentation and network load.
EDNS(0) specifies a way to advertise additional features such as
larger response size capability, which is intended to help avoid
truncated UDP responses,
Ben, thanks a lot !!!
Regards
On Mon, Feb 4, 2019 at 11:04 AM Ben Croswell wrote:
> When a DNS response is too large to fit in a single UDP packet, 512 bytes
> up to 4k with edns, the DNS server will respond with as much as it can fit
> in the UDP packet. It will also set the truncate, TC, bit
When a DNS response is too large to fit in a single UDP packet, 512 bytes
up to 4k with edns, the DNS server will respond with as much as it can fit
in the UDP packet. It will also set the truncate, TC, bit to let the client
doing the query that the answer is truncated and the client should query
Just about anything (if it is large enough).
r
On 2019-02-04 08:56 AM, Roberto Carna wrote:
Thanks Ben for your response, can you tell me the types of TCP traffic I have
to expect in BIND, excepting Zone Tansfer?
Thans a lot again!!!
El lun., 4 feb. 2019 a las 10:50, Ben Croswell
Thanks Ben for your response, can you tell me the types of TCP traffic I
have to expect in BIND, excepting Zone Tansfer?
Thans a lot again!!!
El lun., 4 feb. 2019 a las 10:50, Ben Croswell ()
escribió:
> BIND has always required UDP and TCP 53 for proper functionality. It
> sometimes mistakenly
BIND has always required UDP and TCP 53 for proper functionality. It
sometimes mistakenly believed that TCP is only for zone transfers but that
is not the case.
On Mon, Feb 4, 2019, 8:46 AM Roberto Carna Dear, I have a BIND 9.10 public server and I have delegated some public
> domains.
>
> When
Dear, I have a BIND 9.10 public server and I have delegated some public
domains.
When I test these domains with the EDNS tool offered in the DNS Flag Day
webpage, the test was wrong wit just UDP/53 port opened to Internet.
After that, when I opened also TCP/53 port, the test was succesful.
@lbutlr wrote:
>
> # nsupdate -d -v -l example.com
nsupdate doesn't take zone files as input; instead it takes a list of
(incremental) changes. The "invalid section" error refers to keywords in
nsupdate syntax which refer to parts of DNS UPDATE messages: the prereq
section, the update section,
Here is a domain zone file for example.com which is hosted by covisp.net:
$ORIGIN .
$TTL 86400 ; 1 day
example.com. IN SOA ns1.covisp.net. admin.example.com. (
2019020100 ; serial
300; refresh (5 minutes)
@lbutlr wrote:
> Based having update-policy local; auto-dnssec maintain; in the zone,
> when I make changed to example.com I was expecting that
> example.com.signed will be refreshed.
>
> This doesn’t seem to be happening.
Are you doing `rndc freeze` and `rndc thaw` before and after editing the
13 matches
Mail list logo
