Preparing for upcoming DNSSEC changes on 5/5

Lightner, Jeff jlightner at water.com
Tue May 4 12:29:05 UTC 2010


The point in my "anecdote" and the quote from the test was to say that
you do NOT need to set the value if you're getting something within 300
bytes of the advertised value. You are, as I was, so you do not need to
set it.

It may be the person that suggested setting it was under the
misapprehension that the two values would be the same but the quote from
the Java testing tool made it clear that is NOT the case.

-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org
[mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
Of Mark Andrews
Sent: Tuesday, May 04, 2010 12:01 AM
To: Laws, Peter C.
Cc: bind-users at isc.org
Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 


In message
<789398EA51916246A8016370EBC0231F0F3DD1 at it-rome.sooner.net.ou.edu>, 
"Laws, Peter C." writes:
> Yes, I get all that.  But earlier in the thread, I noted that:
>
> "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the
> dns-oarc.net test, which I assume is the default.  I, too, get the 3843 "at
> least" value.
>
> "Why would I set it to 3843?  Wouldn't I want it to be set to 4096 even if
> *some* device between here and dns-oarc.net only allows that smaller value?"
>
> We've already had one anecdote of someone that also got 3843, setting
> edns-udp-size, re-running the test and getting a smaller number.  Makes no
> sense to me to set it at less than the 4096-byte default unless *I* had
> faulty network equipment.

You don't need to change anything if it says 3843.  The test does
*not* produce the exact limit of the path.

% dig +short rs.dns-oarc.net txt @::1
;; Truncated, retrying in TCP mode.
rst.x4091.rs.dns-oarc.net.
rst.x3837.x4091.rs.dns-oarc.net.
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"Tested at 2010-05-04 03:48:16 UTC"
"211.30.172.21 sent EDNS buffer size 4096"
"211.30.172.21 DNS reply size limit is at least 4091"

% dig +short rs.dns-oarc.net txt @::1
;; Truncated, retrying in TCP mode.
rst.x3827.rs.dns-oarc.net.
rst.x4049.x3827.rs.dns-oarc.net.
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"2001:470:1f00:820:214:22ff:fed9:fbdc DNS reply size limit is at least 4055"
"Tested at 2010-05-04 03:49:43 UTC"
"2001:470:1f00:820:214:22ff:fed9:fbdc sent EDNS buffer size 4096"

If you do a packet dump you will see lots of different responses to the
query all coming in at the same time.  The first one to re-assemble wins.
This may not be the biggest.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
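
The check discussed in this thread, as an added example that is not part of the original posts: it parses the TXT strings returned by the rs.dns-oarc.net test and applies the "within 300 bytes of the advertised value" rule quoted above. The names `parse_reply_size_test`, `needs_review` and `TOLERANCE` are hypothetical, and the 192.0.2.53 sample is constructed.

```python
import re

# Threshold quoted in the post above: a limit within 300 bytes of the
# advertised value means no edns-udp-size change is needed.
TOLERANCE = 300

SENT_RE = re.compile(r'"(\S+) sent EDNS buffer size (\d+)"')
LIMIT_RE = re.compile(r'"(\S+) DNS reply size limit is at least (\d+)"')

def parse_reply_size_test(dig_output):
    """Return (resolver, advertised, at_least) from the test's TXT strings."""
    # Join lines first so a TXT string wrapped by a mail client still matches.
    text = " ".join(line.strip() for line in dig_output.splitlines())
    sent, limit = SENT_RE.search(text), LIMIT_RE.search(text)
    if sent is None or limit is None:
        raise ValueError("both TXT result strings are required")
    if sent.group(1) != limit.group(1):
        raise ValueError("result strings refer to different resolvers")
    return sent.group(1), int(sent.group(2)), int(limit.group(2))

def needs_review(dig_output, tolerance=TOLERANCE):
    """True when the measured limit is more than `tolerance` below advertised."""
    _, advertised, at_least = parse_reply_size_test(dig_output)
    return advertised - at_least > tolerance

# Output taken from the two runs quoted in the post above.
RUN_IPV4 = '''rst.x4091.rs.dns-oarc.net.
rst.x3837.x4091.rs.dns-oarc.net.
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"Tested at 2010-05-04 03:48:16 UTC"
"211.30.172.21 sent EDNS buffer size 4096"
"211.30.172.21 DNS reply size limit is at least 4091"
'''
RUN_IPV6_WRAPPED = '''"2001:470:1f00:820:214:22ff:fed9:fbdc DNS reply size limit is at least
4055"
"Tested at 2010-05-04 03:49:43 UTC"
"2001:470:1f00:820:214:22ff:fed9:fbdc sent EDNS buffer size 4096"
'''
# Constructed sample (not from the post): a path that passes far less.
RUN_CONSTRAINED = '''"192.0.2.53 sent EDNS buffer size 4096"
"192.0.2.53 DNS reply size limit is at least 1399"
'''

if __name__ == "__main__":
    for name, run in [("ipv4", RUN_IPV4), ("ipv6", RUN_IPV6_WRAPPED),
                      ("constrained", RUN_CONSTRAINED)]:
        verdict = "review" if needs_review(run) else "ok"
        print(name, parse_reply_size_test(run), verdict)
```

Because the reported figure is only an "at least" value and varies between runs, as the two quoted runs show, the result is best compared across several runs.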
 