Re: Diagnostic help part 2

2014-10-01 Thread Barry Margolin
In article mailman.1035.1412133286.26362.bind-us...@lists.isc.org, Eli Heady eli.he...@gmail.com wrote: With response sizes growing (dnssec, ipv6), answers are more likely to be too large for UDP. That's unlikely. That's why EDNS was created, so that these large answers wouldn't require TCP.

Re: Diagnostic help part 2

2014-10-01 Thread Doug Barton
On 10/1/14 8:17 AM, Barry Margolin wrote: In article mailman.1035.1412133286.26362.bind-us...@lists.isc.org, Eli Heady eli.he...@gmail.com wrote: With response sizes growing (dnssec, ipv6), answers are more likely to be too large for UDP. That's unlikely. That's why EDNS was created, so

Re: Diagnostic help part 2

2014-10-01 Thread Mike Hoskins (michoski)
-Original Message- From: Doug Barton do...@dougbarton.us Date: Wednesday, October 1, 2014 at 2:07 PM To: bind-users@lists.isc.org bind-users@lists.isc.org Subject: Re: Diagnostic help part 2 On 10/1/14 8:17 AM, Barry Margolin wrote: In article

Re: Diagnostic help part 2

2014-10-01 Thread Tony Finch
Mike Hoskins (michoski) micho...@cisco.com wrote: This isn't even specific to DNS...for example, there was a time when just turning on what sounds good for cisco, netscreen and even checkpoint would break other things like ESMTP. You mean Cisco have fixed the grossly damaging bugs in the

RE: Diagnostic help part 2

2014-10-01 Thread John Anderson
If you would be so kind as to run the nmap test again from your location and let me know if you're seeing the correct - or at least *more* correct answers, I'd appreciate it. Bill, It looks good now. Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-01 12:47 MST Nmap scan report for

Re: Diagnostic help part 2

2014-10-01 Thread Mark Andrews
In message 5D9044356DCF9341A7D1CDAE12FC601C2976D2A5@exch10-mb2.ccbill-hq.local , John Anderson writes: If you would be so kind as to run the nmap test again from your location and let me know if you're seeing the correct - or at least *more* correct answe rs, I'd appreciate it. Bill, It

Re: Diagnostic help part 2

2014-10-01 Thread Bill Christensen
Thanks! That cleared up a number of problems. Now to tackle some of the others... On 10/1/14, 2:51 PM, John Anderson wrote: If you would be so kind as to run the nmap test again from your location and let me know if you're seeing the correct - or at least *more* correct answers, I'd

Re: Diagnostic help part 2

2014-10-01 Thread Anders Löwinger
On 2014-10-02 01:03, Mark Andrews wrote: TCP has always been required for DNS except in very special circumstances. Go read RFC 1123. Go look at the definition of SHOULD. Unless you really knew what you were doing TCP as always been expected to be ON. Some people refuse to enable stuff