Re: Troubleshooting slow DNS lookup

2010-12-08 Thread Tony Finch
On Wed, 8 Dec 2010, Rianto Wahyudi wrote: > > - Does anyone have a good example of a prominent website that has > DNSSEC set up properly other than paypal? > - Any example of a DNS record that sends a packet larger than 512? ; <<>> DiG 9.6.2-P2 <<>> +multiline +dnssec www.cam.ac.uk ;; global options: +c

Re: Troubleshooting slow DNS lookup

2010-12-08 Thread Mark Andrews
In message , Rianto Wahyudi writes: > Hi Mark, > > Thanks for your quick response! > > > Standards Track. > > RFC 2671 Extension Mechanisms for DNS (EDNS0) > > RFC 3226 DNSSEC and IPv6 A6 aware server/resolver message size requirements > > Unfortunately RFC is not considered as good enoug

Re: Troubleshooting slow DNS lookup

2010-12-08 Thread Matus UHLAR - fantomas
> > Standards Track. > > RFC 2671 Extension Mechanisms for DNS (EDNS0) > > RFC 3226 DNSSEC and IPv6 A6 aware server/resolver message size requirements > > Unfortunately RFC is not considered as good enough ... unless if we > can find an actual proof that can be replicated :( disable dnssec then.

Re: Troubleshooting slow DNS lookup

2010-12-07 Thread Rianto Wahyudi
Hi Mark, Thanks for your quick response! > Standards Track. > RFC 2671 Extension Mechanisms for DNS (EDNS0) > RFC 3226 DNSSEC and IPv6 A6 aware server/resolver message size requirements Unfortunately RFC is not considered as good enough ... unless if we can find an actual proof that can be repl

Re: Troubleshooting slow DNS lookup

2010-12-07 Thread Mark Andrews
In message , Rianto Wahyudi writes: > Our network team are quite reluctant to make any changes on the FWSM > in regards to DNS inspection. > So it seems that we are stuck with a maximum UDP packet of 512 bytes. > > Unfortunately, I do not have much evidence (ie user complaints) to > escalate this iss

Re: Troubleshooting slow DNS lookup

2010-12-07 Thread Rianto Wahyudi
Our network team are quite reluctant to make any changes on the FWSM in regards to DNS inspection. So it seems that we are stuck with a maximum UDP packet of 512 bytes. Unfortunately, I do not have much evidence (ie user complaints) to escalate this issue much further except from few number of users w

Re: Troubleshooting slow DNS lookup

2010-11-26 Thread Kalman Feher
On 26/11/10 5:58 AM, "Mark Andrews" wrote: > > In message , Rianto Wahyudi writes: >> Hi Mark, >> >> Thanks for the pointers, you are spot on! >> >> Doing dig +trace +dnssec www.paypal.com always fails. >> After some investigation with the network guys, it appears that our upstream >>

Re: Troubleshooting slow DNS lookup

2010-11-25 Thread Mark Andrews
In message , Rianto Wahyudi writes: > Hi Mark, > > Thanks for the pointers, you are spot on! > > Doing dig +trace +dnssec www.paypal.com always fails. > After some investigation with the network guys, it appears that our upstream > firewall is dropping DNS UDP packets larger than 512. > Cisco F

Re: Troubleshooting slow DNS lookup

2010-11-25 Thread Rianto Wahyudi
Hi Mark, Thanks for the pointers, you are spot on! Doing dig +trace +dnssec www.paypal.com always fails. After some investigation with the network guys, it appears that our upstream firewall is dropping DNS UDP packets larger than 512. Cisco FWSM has this configuration enabled by default: http

Re: Troubleshooting slow DNS lookup

2010-11-25 Thread Mark Andrews
In message , Rianto Wahyudi writes: > Hi all, > > I'm trying to troubleshoot and find out the reason why some of our DNS lookups > take a long time: > > > ns-dev ~ # rndc flushname www.paypal.com ; dig www.paypal.com @localhost > > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.paypal

Troubleshooting slow DNS lookup

2010-11-25 Thread Rianto Wahyudi
Hi all, I'm trying to troubleshoot and find out the reason why some of our DNS lookups take a long time: ns-dev ~ # rndc flushname www.paypal.com ; dig www.paypal.com @localhost ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.paypal.com @localhost ;; global options: printcmd ;; Got answ