Re: Resolving .gov w/dnssec

2010-04-23 Thread Michael Sinatra
On 04/22/10 18:48, Timothe Litt wrote: I get a "connection timed out; no servers could be reached" after the "Truncated, retrying in TCP mode" even with +bufsiz=512 I get a correct response when I use +bufsiz=512. After "Truncated, retrying in TCP mode" I get a response, but apparently you do

Re: [ga] Re: Resolving .gov w/dnssec

2010-04-23 Thread Joe Baptista
ank you - I and my TLD holders thank you. regards joe baptista > > > > --- On *Thu, 4/22/10, Joe Baptista * wrote: > > > From: Joe Baptista > Subject: [ga] Re: Resolving .gov w/dnssec > To: c...@cam.ac.uk, "g...@gnso.icann.org >> GA" > Cc: &quo

Re: Resolving .gov w/dnssec

2010-04-22 Thread sthaug
> Folks on DSL should remember that their magic number is less than 1500 bytes > (1492 is common, as is 1453). *Some folks on DSL*. There are definitely DSL networks being operated with a 1500 byte MTU offered to the user. Steinar Haug, Nethelp consulting, sth...@nethelp.no

Re: Resolving .gov w/dnssec

2010-04-22 Thread Barry Margolin
In article , Paul Wouters wrote: > On Thu, 22 Apr 2010, Chris Thompson wrote: > > >> I have the same problems with our validating unbound instance. > > > > I suspect that this has to do with > > > > dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov. > > dig +dnssec +norec dnskey uspto.gov @s

RE: Resolving .gov w/dnssec

2010-04-22 Thread Timothe Litt
cio [mailto:ca...@deccio.net] Sent: Thursday, April 22, 2010 18:22 To: Michael Sinatra Cc: bind-us...@isc.org Subject: Re: Resolving .gov w/dnssec On Thu, Apr 22, 2010 at 11:36 AM, Michael Sinatra wrote: But it doesn't contain the RRSIGs for the DNSKEY. 'dig +norec +cdflag dnskey uspto.go

Re: Resolving .gov w/dnssec

2010-04-22 Thread Casey Deccio
On Thu, Apr 22, 2010 at 4:25 PM, Michael Sinatra < mich...@rancid.berkeley.edu> wrote: > On 04/22/10 15:22, Casey Deccio wrote: > > Actually, what seems interesting to me is that the cutoff seems to be at a >> payload size of 1736, which happens to be the exact size of the complete >> response.

Re: Resolving .gov w/dnssec

2010-04-22 Thread Michael Sinatra
On 04/22/10 15:22, Casey Deccio wrote: Actually, what seems interesting to me is that the cutoff seems to be at a payload size of 1736, which happens to be the exact size of the complete response. Is this just coincidence? Yes it is. With the bufsize set to 1735, the response that will actu

Re: Resolving .gov w/dnssec

2010-04-22 Thread Casey Deccio
On Thu, Apr 22, 2010 at 11:36 AM, Michael Sinatra < mich...@rancid.berkeley.edu> wrote: > But it doesn't contain the RRSIGs for the DNSKEY. 'dig +norec +cdflag > dnskey uspto.gov @dns1.uspto.gov' does not contain RRSIGs so it is only > 1131 bytes. A non-EDNS0 query will receive the TC bit and wi

Re: Resolving .gov w/dnssec

2010-04-22 Thread Michael Sinatra
On 4/22/10 8:55 AM, Timothe Litt wrote: So, others are also seeing this, and it's not unique to bind or my corner of the internet. Thanks. It seems to have been going on for weeks, so it isn't going to fix itself. Who do I report this to so that it gets resolved? I have had good luck reporti

Re: Resolving .gov w/dnssec

2010-04-22 Thread Michael Sinatra
On 04/22/10 10:23, Paul Wouters wrote: On Thu, 22 Apr 2010, Chris Thompson wrote: I have the same problems with our validating unbound instance. I suspect that this has to do with dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov. dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov. faili

Re: Resolving .gov w/dnssec

2010-04-22 Thread Casey Deccio
On Thu, Apr 22, 2010 at 11:17 AM, Nate Itkin wrote: > > Not specifically, but I log a lot of errors resolving in usps.gov. USPS > clearly has configuration issues. A representative sample from my logs: > > 19-Apr-2010 11:04:23.072 lame-servers: no valid RRSIG resolving ' > EGQ1REIRR8NVE4U6I97RO3P

Re: Resolving .gov w/dnssec

2010-04-22 Thread Nate Itkin
On Thu, Apr 22, 2010 at 08:06:03AM -0400, Timothe Litt wrote: > I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV > configured as validating resolvers. > [snip] > Is anyone else seeing this? Ideas on how to troubleshoot? Not specifically, but I log a lot of errors resolving i

Re: Resolving .gov w/dnssec

2010-04-22 Thread Paul Wouters
On Thu, 22 Apr 2010, Chris Thompson wrote: I have the same problems with our validating unbound instance. I suspect that this has to do with dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov. dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov. failing with timeouts, while dig +dnssec +n

RE: Resolving .gov w/dnssec

2010-04-22 Thread Timothe Litt
the Litt; Bind Users Mailing List Subject: Re: Resolving .gov w/dnssec On Apr 22 2010, Paul Wouters wrote: >On Thu, 22 Apr 2010, Timothe Litt wrote: > >> I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV >> configured as validating resolvers. >> >> &

Re: Resolving .gov w/dnssec

2010-04-22 Thread Joe Baptista
Looks like the future of the DNSSEC make work project includes resolution failures here and there. More security - less stability - guaranteed slavery. I wonder if it's a fair trade. we'll see .. regards joe baptista On Thu, Apr 22, 2010 at 10:52 AM, Chris Thompson wrote: > On Apr 22 2010, Pau

Re: Resolving .gov w/dnssec

2010-04-22 Thread Chris Thompson
On Apr 22 2010, Paul Wouters wrote: On Thu, 22 Apr 2010, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as validating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate respo

Re: Resolving .gov w/dnssec

2010-04-22 Thread Torsten
On Thu, 22 Apr 2010 10:03:43 -0400 (EDT), Paul Wouters wrote: > On Thu, 22 Apr 2010, Timothe Litt wrote: > > > I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and > > 9.6-ESV configured as validating resolvers. > > > > Using dig, I get a connection timeout error after a long (~10 sec

Re: Resolving .gov w/dnssec

2010-04-22 Thread Paul Wouters
On Thu, 22 Apr 2010, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as validating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. Is anyone else seeing this? I

Resolving .gov w/dnssec

2010-04-22 Thread Timothe Litt
I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as validating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. state.gov does not get this error. Note that it uses different nameservers