In message <36f8dd297fd5504aa37968ada5ba93eb01178c2...@gnbexmb8pb.gnb.ca>, "Levesque, Ricky (SNB)" writes: > Thanks Warren, > I can query all the noaa.gov name servers without issues, and the replies > are fast (sub 100ms)
Remember nameservers ask questions with different options set to DiG's default options. DiG +trace turns on these additional options or you can use "dig +dnssec +norec". We really should make all the root and TLD servers return maximal EDNS answers (pad to the advertised EDNS UDP size). This would create a little short term pain by exposing all the broken firewalls which would then get fixed or the nameserver would be reconfigured to advertise a smaller EDNS buffer size. At the moment we have people stumbling over the odd zone that returns large responses. Root and TLD operators do everyone a disservice by trying to reduce UDP response sizes to fit into a single ethernet frame. It just hides the problem cause by bad firewall configuration. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users