Re: dnssec question. confused.

2011-09-29 Thread Joseph Karpenko
: michoski micho...@cisco.com To: Steve Arntzen i...@arntzen.us, bind-users@lists.isc.org Subject: Re: dnssec question. confused. On 9/28/11 5:32 AM, Steve Arntzen i...@arntzen.us wrote: Is your firewall Cisco based? There is a known default setting in Cisco with respect to packet size for DNS

RE: dnssec question. confused.

2011-09-28 Thread Marc Lampo
-users@lists.isc.org Subject: dnssec question. confused. When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get: rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. Tested at 2011-09

Re: dnssec question. confused.

2011-09-28 Thread Steve Arntzen
Is your firewall Cisco based? There is a known default setting in Cisco with respect to packet size for DNS. Our network guys run into this anytime they do an upgrade, etc. and have to go in and update the setting. Steve. On Tue, 2011-09-27 at 15:45 -0500, Brad Bendily wrote: When trying

Re: dnssec question. confused.

2011-09-28 Thread michoski
On 9/28/11 5:32 AM, Steve Arntzen i...@arntzen.us wrote: Is your firewall Cisco based? There is a known default setting in Cisco with respect to packet size for DNS. Our network guys run into this anytime they do an upgrade, etc. and have to go in and update the setting. This bit me the

RE: dnssec question. confused.

2011-09-28 Thread Brad Bendily
On 9/28/11 5:32 AM, Steve Arntzen i...@arntzen.us wrote: Is your firewall Cisco based? Yes. The firewall is Cisco based. However, the main problem there is, there are several firewalls before leaving our network and my dept doesn't manage all of them. There is a known default setting in

dnssec question. confused.

2011-09-27 Thread Brad Bendily
When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get: rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net. rst.x490.x485.x476.rs.dns-oarc.net. Tested at 2011-09-27 20:32:34 UTC 205.172.49.177 sent EDNS buffer

Re: dnssec question. confused.

2011-09-27 Thread Doug Barton
On 09/27/2011 13:45, Brad Bendily wrote: dig +dnssec eeoc.gov Try that again with +notcp. FYI, on a clean network the response I get to that query is 3,918 bytes. hth, Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth

Re: dnssec question. confused.

2011-09-27 Thread Mark Andrews
In message 798e3caf2fcc264481d8f75fb3d0bfd91b538...@mailmbx10.mail.la.gov, Brad Bendily writes: When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get: rst.x476.rs.dns-oarc.net. rst.x485.x476.rs.dns-oarc.net.