DNSSEC

Mark Andrews marka at isc.org
Tue May 4 14:43:57 UTC 2010


In message <j2i707abafb1005040727n476321a8kfad12a740f8df733 at mail.gmail.com>, Linux Addict writes:
> 
> Hello Binders!  I run bind 9.5.0-P2, but I can't seem to get more than
> 512 bytes. Any ideas?  I read the Admin Guide which says default edns udp
> size is 4096 bytes. Should I change the edns udp size on
> named.conf explicitly?

No.  You should fix whatever piece of middleware is blocking EDNS
packets from getting through.  The whole point of running this test
is to identify when you have broken/misconfigured middleware.

If you can't fix it, then and only then should you adjust named.  In the
meantime named will continue to work but not as efficiently as it should.

Mark
 
> root at ns01x ~]# dig +short rs.dns-oarc.net txt @ns01x
> rst.x476.rs.dns-oarc.net.
> rst.x485.x476.rs.dns-oarc.net.
> rst.x490.x485.x476.rs.dns-oarc.net.
> lacks EDNS, defaults to 512"
> DNS reply size limit is at least 490"
> "Tested at 2010-05-04 14:21:02 UTC"
> 
> [root at ns01x ~]# /usr/local/sbin/named -v
> BIND 9.5.0-P2
> 
> 
> [root at ns01x ~]# grep -i dns /etc/named.conf                  dnssec not
> enabled.
> [root at ns01x ~]#
> 
> 
> [root at ns01x ~]# dig +short rs.dns-oarc.net txt @4.2.2.2       Some other NS
> rst.x3827.rs.dns-oarc.net.
> rst.x3837.x3827.rs.dns-oarc.net.
> rst.x3843.x3837.x3827.rs.dns-oarc.net.
> "Tested at 2010-05-04 14:24:02 UTC"
> "192.221.150.248 sent EDNS buffer size 4096"
> "192.221.150.248 DNS reply size limit is at least 3843"
> 
> 
> 
> Cheers
> LA
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
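
An added example, not part of the original thread: a parser for the reply-size test output quoted above that separates "EDNS never reached the test server" (the case the reply says to fix in the path before touching named) from a resolver whose EDNS queries arrive intact. The function names, verdict labels and the `configured` parameter are assumptions made for this example; 4096 is the default the original poster cites from the Admin Guide.

```python
import re
# TXT output from the two dig runs quoted in the thread (first one is truncated there).
LOCAL_NS = """\
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
lacks EDNS, defaults to 512"
DNS reply size limit is at least 490"
"Tested at 2010-05-04 14:21:02 UTC"
"""
OTHER_NS = """\
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2010-05-04 14:24:02 UTC"
"192.221.150.248 sent EDNS buffer size 4096"
"192.221.150.248 DNS reply size limit is at least 3843"
"""

PATTERNS = {
    "no_edns": re.compile(r"lacks EDNS, defaults to (\d+)"),
    "edns": re.compile(r"sent EDNS buffer size (\d+)"),
    "limit": re.compile(r"reply size limit is at least (\d+)"),
}

def parse_reply_size_test(text):
    """Extract what the test server saw: EDNS present, buffer size, reply limit."""
    seen = {"edns": None, "bufsize": None, "limit": None}
    for line in text.splitlines():
        if m := PATTERNS["no_edns"].search(line):
            seen["edns"], seen["bufsize"] = False, int(m.group(1))
        elif m := PATTERNS["edns"].search(line):
            seen["edns"], seen["bufsize"] = True, int(m.group(1))
        elif m := PATTERNS["limit"].search(line):
            seen["limit"] = int(m.group(1))
    return seen

def assess(seen, configured=4096):
    """Compare what arrived at the test server with what named is set to send."""
    if seen["edns"] is None:
        return "incomplete"       # output carries no EDNS line at all
    if not seen["edns"]:
        return "no-edns"          # EDNS did not arrive: check the path first
    if seen["bufsize"] < configured:
        return "reduced-bufsize"  # EDNS arrived, but with a smaller size than configured
    return "ok"

if __name__ == "__main__":
    print(assess(parse_reply_size_test(LOCAL_NS)), assess(parse_reply_size_test(OTHER_NS)))
```

Feed it the output of `dig +short rs.dns-oarc.net txt @<resolver>` for each resolver being checked; a `no-edns` verdict on a server configured for 4096 matches the situation in the thread.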


