NOAA.GOV domain not working
Mark Andrews
marka at isc.org
Tue Sep 19 01:58:28 UTC 2017
In message <36F8DD297FD5504AA37968ADA5BA93EB01178C20EA at GNBEXMB8PB.gnb.ca>, "Levesque, Ricky (SNB)" writes:
> Thanks Warren,
> I can query all the noaa.gov name servers without issues, and the replies
> are fast (sub 100ms)
Remember nameservers ask questions with different options set to
DiG's default options. DiG +trace turns on these additional options
or you can use "dig +dnssec +norec".
We really should make all the root and TLD servers return maximal
EDNS answers (pad to the advertised EDNS UDP size). This would
create a little short term pain by exposing all the broken firewalls
which would then get fixed or the nameserver would be reconfigured
to advertise a smaller EDNS buffer size. At the moment we have
people stumbling over the odd zone that returns large responses.
Root and TLD operators do everyone a disservice by trying to reduce
UDP response sizes to fit into a single ethernet frame. It just
hides the problem cause by bad firewall configuration.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list