Preparing for upcoming DNSSEC changes on 5/5
Mark Andrews
marka at isc.org
Tue May 4 04:01:25 UTC 2010
In message <789398EA51916246A8016370EBC0231F0F3DD1 at it-rome.sooner.net.ou.edu>,
"Laws, Peter C." writes:
> Yes, I get all that. But earlier in the thread, I noted that:
>
> "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the
> dns-oarc.net test, which I assume is the default. I, too, get the 3843 "at
> least" value.
>
> "Why would I set it to 3843? Wouldn't I want it to be set to 4096 even if
> *some* device between here and dns-oarc.net only allows that smaller value?"
>
> We've already had one anecdote of someone that also got 3843, setting edns-ud
> p-size, re-running the test and getting a smaller number. Makes no sense to
> me to set it at less than the 4096-byte default unless *I* had faulty network
> equipment.
You don't need to change anything if it says 3843. The test does
*not* produce the exact limit of the path.
% dig +short rs.dns-oarc.net txt @::1
;; Truncated, retrying in TCP mode.
rst.x4091.rs.dns-oarc.net.
rst.x3837.x4091.rs.dns-oarc.net.
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"Tested at 2010-05-04 03:48:16 UTC"
"211.30.172.21 sent EDNS buffer size 4096"
"211.30.172.21 DNS reply size limit is at least 4091"
% dig +short rs.dns-oarc.net txt @::1
;; Truncated, retrying in TCP mode.
rst.x3827.rs.dns-oarc.net.
rst.x4049.x3827.rs.dns-oarc.net.
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"2001:470:1f00:820:214:22ff:fed9:fbdc DNS reply size limit is at least 4055"
"Tested at 2010-05-04 03:49:43 UTC"
"2001:470:1f00:820:214:22ff:fed9:fbdc sent EDNS buffer size 4096"
If you do a packet dump you will see lots of different respones to the query
all coming in at the sames time. The first one to re-assemble wins. This
may not be the biggest.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list