On Mon, Mar 11, 2019 at 12:57:02PM +0000, Tony Finch <d...@dotat.at> wrote a message of 40 lines which said:
> > ; <<>> DiG 9.10.3-P4-Debian <<>> @194.0.9.1 DNSKEY ma
>
> To properly diagnose UDP message size issues you need +ignore +notcp on
> the command line. (You actually need both options to stop dig using TCP in
> all situations.) The response you pasted looked to me like what I get when
> dig retries over TCP (except the "Truncated, retrying" notice was
> omitted).

I know and this is why I both checked the absence of "Truncated,
retrying" and used tcpdump to be sure UDP was used.

> > ; EDNS: version: 0, flags: do; udp: 1432
>
> Weirdly, the DO flag here implies you added the +dnssec option but it
> wasn't mentioned on the command line.

% cat ~/.digrc
+bufsize=4096 +dnssec +multi

IMHO, dig could add these options on the command-line it displays.

> Mark answered this part of the question, but I recommend also using
> minimal-responses and minimal-any

Does minimal-responses make sense for an authoritative name server?
(Note there was no glue involved.)