On 09/27/2011 13:45, Brad Bendily wrote:
> dig +dnssec eeoc.gov
Try that again with +notcp.
FYI, on a "clean" network the response I get to that query is 3,918 bytes.
hth,
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadt
In message <798e3caf2fcc264481d8f75fb3d0bfd91b538...@mailmbx10.mail.la.gov>, Br
ad Bendily writes:
>
> When trying the DNSSEC check command from:
> https://www.dns-oarc.net/oarc/services/replysizetest
>
> behind our corporate firewall, I get:
> rst.x476.rs.dns-oarc.net.
> rst.x485.x476.rs.dns-oa
Hello,
1) the dig command, as shown, does not ask an authoritative name server
for eeoc.gov.
but rather addresses a locally configured caching name server
(10.120.11.107).
(which may explain the difference in size - 1726 bytes -
as opposed to the 3918 bytes of Doug Barton)
((some data
Is your firewall Cisco based?
There is a known "default" setting in Cisco with respect to packet size
for DNS. Our network guys run into this anytime they do an upgrade,
etc. and have to go in and update the setting.
Steve.
On Tue, 2011-09-27 at 15:45 -0500, Brad Bendily wrote:
> When trying
On 9/28/11 5:32 AM, "Steve Arntzen" wrote:
> Is your firewall Cisco based?
>
> There is a known "default" setting in Cisco with respect to packet size
> for DNS. Our network guys run into this anytime they do an upgrade,
> etc. and have to go in and update the setting.
This bit me the first tim
> On 9/28/11 5:32 AM, "Steve Arntzen" wrote:
> > Is your firewall Cisco based?
Yes. The firewall is Cisco based.
However, the main problem there is, there are several firewalls before
leaving our network and my dept doesn't manage all of them.
> > There is a known "default" setting in Cisco wi
> From: michoski
> To: Steve Arntzen , bind-users@lists.isc.org
> Subject: Re: dnssec question. confused.
>
> On 9/28/11 5:32 AM, "Steve Arntzen" wrote:
>> Is your firewall Cisco based?
>>
>> There is a known "default" setting in Cisco with res
7 matches
Mail list logo
