On Sun, Apr 19, 2020 at 12:39:24AM -0400, Viktor Dukhovni wrote:
> The DANE survey unbound resolver is presently configured to advertise an
> EDNS UDP buffer size of 1232 bytes (to avoid UDP fragmentation problems
> over IPv6). With this buffer size (or indeed any buffer size below 1346
> bytes) and the DO bit set to solicit DNSSEC signatures, queries for the
> darpa.mil MX host TLSA records fail:

FWIW, with ofda.gov even 1410 is not enough, EDNS buffer sizes less than
1555 (requiring working fragmentation) elicit a TC=1 response, but TCP
is not available.

Timeout:

    dig +bufsize=1554 +dnssec +norecur @$ip -t tlsa _25._tcp.dc4vasmtp01.ofda.gov

Success:

    dig +bufsize=1555 +dnssec +norecur @$ip -t tlsa _25._tcp.dc4vasmtp01.ofda.gov

--
Viktor.
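
Added example, not part of the original message: a bisection over dig's +bufsize that finds the smallest EDNS buffer size at which a nameserver returns a complete (TC=0) UDP answer, which is the threshold the two commands above bracket by hand. The function names probe and min_bufsize and the $qname variable are assumptions of this sketch; $ip is used as in the message. +ignore stops dig from retrying a truncated answer over TCP, so a TC=1 reply is reported as such instead of ending in a TCP timeout.

```shell
#!/bin/sh
# Added example; not code from the original message.
# Assumes the caller sets $ip (nameserver address) and $qname (owner name
# of the TLSA RRset), matching the dig commands quoted in the message.

# probe SIZE: succeed only if a non-truncated UDP response arrives when
# advertising an EDNS buffer of SIZE bytes with the DO bit set.
probe() {
    out=$(dig +bufsize="$1" +dnssec +norecur +ignore +tries=1 +time=3 \
              @"$ip" -t tlsa "$qname" 2>/dev/null) || return 1
    # Header line has the form ";; flags: qr aa tc; QUERY: 1, ..."
    flags=$(printf '%s\n' "$out" |
            sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    [ -n "$flags" ] || return 1                    # no response parsed
    case " $flags " in *" tc "*) return 1 ;; esac  # truncated: TC=1
    return 0
}

# min_bufsize LO HI: print the smallest size in [LO, HI] for which probe
# succeeds, assuming that if size N works then every larger size works.
# Prints "none" and returns 1 if even HI fails.
min_bufsize() {
    lo=$1
    hi=$2
    probe "$hi" || { echo none; return 1; }
    if probe "$lo"; then echo "$lo"; return 0; fi
    # Invariant: probe fails at $lo and succeeds at $hi.
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$mid"; then hi=$mid; else lo=$mid; fi
    done
    echo "$hi"
}

# Usage (requires network access):
#   ip=<nameserver address> qname=<TLSA owner name> ; min_bufsize 512 4096
```

A result above roughly 1232 means resolvers that advertise a fragmentation-safe buffer size depend on TCP fallback for that name, so the same server should also be checked for TCP/53 reachability.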