BIND 9.11 no longer respects edns-udp-size?
Stéphane Bortzmeyer
bortzmeyer at nic.fr
Mon Mar 11 13:54:16 UTC 2019
On Mon, Mar 11, 2019 at 12:57:02PM +0000,
Tony Finch <dot at dotat.at> wrote
a message of 40 lines which said:
> > ; <<>> DiG 9.10.3-P4-Debian <<>> @194.0.9.1 DNSKEY ma
>
> To properly diagnose UDP message size issues you need +ignore +notcp on
> the command line. (You actually need both options to stop dig using TCP in
> all situations.) The response you pasted looked to me like what I get when
> dig retries over TCP (except the "Truncated, retrying" notice was
> omitted).
I know, and this is why I both checked the absence of "Truncated,
retrying" and used tcpdump to be sure UDP was used.
> > ; EDNS: version: 0, flags: do; udp: 1432
>
> Weirdly, the DO flag here implies you added the +dnssec option but it
> wasn't mentioned on the command line.
% cat ~/.digrc
+bufsize=4096
+dnssec
+multi
IMHO, dig could add these options on the command-line it displays.
> Mark answered this part of the question, but I recommend also using
> minimal-responses and minimal-any
Does minimal-responses make sense for an authoritative name server?
(Note there was no glue involved.)