DNSSEC

Linux Addict linuxaddict7 at gmail.com
Tue May 4 15:01:24 UTC 2010


On Tue, May 4, 2010 at 10:43 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Tue, May 04, 2010 at 10:27:25AM -0400,
>  Linux Addict <linuxaddict7 at gmail.com> wrote
>  a message of 89 lines which said:
>
> > lacks EDNS, defaults to 512"
> > DNS reply size limit is at least 490"
> > "Tested at 2010-05-04 14:21:02 UTC"
>
> You edited the responses (which include an IP address). Is it the IP
> address of your resolver? There may be a forwarder which does not
> have EDNS.
>
> Second possibility, a middlebox mangles your packets and deletes EDNS
> options.
>
>
Actually, that IP was our external NAT. One piece of information I neglected
to mention is that bind forwards to a tinydns appliance, which of course does
not support DNSSEC for obvious reasons.

So what are my options now? Will the internet work for me tomorrow?
At least I have company in Google...

dig +short rs.dns-oarc.net txt @8.8.8.8
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"64.233.168.94 DNS reply size limit is at least 490"
"64.233.168.94 lacks EDNS, defaults to 512"
"Tested at 2010-05-04 15:00:07 UTC"
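
Added example (not part of the original message or of BIND's code): a Python sketch of what the "lacks EDNS, defaults to 512" result means on the wire. It builds a query carrying an EDNS0 OPT record with the DO bit, then reports what a server sees once a non-EDNS forwarder or middlebox has dropped that record; the function names and the constructed sample packets are assumptions of this example.

```python
import struct

def build_query(name, qtype=16, payload=4096, do=True, txid=0x1234):
    """Query with an EDNS0 OPT record (RFC 6891); the DO bit asks for DNSSEC records."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, QD=1, AR=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # qtype 16 = TXT, class IN
    flags = 0x8000 if do else 0                                # OPT "TTL": DO is the top flag bit
    opt = b"\x00" + struct.pack("!HHIH", 41, payload, flags, 0)  # root name, TYPE 41 = OPT
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (advertised UDP payload size, DO bit), or None if no OPT record is present."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)  # OPT reuses CLASS for the payload size
        off += 10 + rdlen
    return None

def effective_limit(msg):
    """Reply size the other side must assume: 512 bytes when EDNS is absent."""
    info = edns_info(msg)
    return 512 if info is None else info[0]

# Constructed samples: the query as sent, and the same query with its 11-byte OPT
# record removed and ARCOUNT zeroed, as it looks after a non-EDNS hop.
WITH_EDNS = build_query("rs.dns-oarc.net")
WITHOUT_EDNS = WITH_EDNS[:10] + b"\x00\x00" + WITH_EDNS[12:-11]

if __name__ == "__main__":
    for label, pkt in (("direct", WITH_EDNS), ("via non-EDNS hop", WITHOUT_EDNS)):
        print(label, edns_info(pkt), "limit:", effective_limit(pkt))
```
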