[Dnssec-deployment] ANY (Re: CAT is signed )

Ray Bellis Ray.Bellis at nominet.org.uk
Wed Jun 30 14:03:27 EDT 2010


assuming your usual (and unprofessional) sardonicness is in place here, i
will explain for the gallery that 4096 is only a common default and that
values up to nearly 64K are allowed.

Unless you're running BIND, which unilaterally clips any configured value at 4096...

BIND ARM - Ch.6:

--8<--8<--

edns-udp-size
Sets the advertised EDNS UDP buffer size in bytes
to control the size of packets received. Valid values
are 1024 to 4096 (values outside this range will be
silently adjusted). The default value is 4096. The
usual reason for setting edns-udp-size to a non-default
value is to get UDP answers to pass through broken
firewalls that block fragmented packets and/or block
UDP packets that are greater than 512 bytes.

named will fall back to using 512 bytes if it gets a
series of timeouts at the initial value. 512 bytes
is not being offered to encourage sites to fix their
firewalls. Small EDNS UDP sizes will result in the
excessive use of TCP.

max-udp-size
Sets the maximum EDNS UDP message size named will
send in bytes. Valid values are 512 to 4096 (values
outside this range will be silently adjusted). The
default value is 4096. The usual reason for setting
max-udp-size to a non-default value is to get UDP
answers to pass through broken firewalls that block
fragmented packets and/or block UDP packets that
are greater than 512 bytes. This is independent of
the advertised receive buffer (edns-udp-size).

Setting this to a low value will encourage additional
TCP traffic to the nameserver.

--8<--8<--

Ray
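
An added example, not part of the original message and not BIND's code: Python showing where the EDNS UDP size sits on the wire (the 16-bit CLASS field of the OPT record, hence the ceiling just under 64K) and the clamp the quoted ARM text describes. The function names and the `response_limit` model are assumptions made for illustration.

```python
import struct

# Clamp ranges as quoted from the BIND ARM (out-of-range values are silently adjusted).
EDNS_UDP_SIZE_RANGE = (1024, 4096)  # edns-udp-size: size named advertises
MAX_UDP_SIZE_RANGE = (512, 4096)    # max-udp-size: largest UDP message named sends

def clamp(value, bounds):
    lo, hi = bounds
    return max(lo, min(hi, value))

def build_query(qname, advertised_size, qtype=1, msg_id=0x1234):
    """DNS query with an EDNS0 OPT record advertising `advertised_size` bytes."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split(".")) + b"\x00"
    question = name + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size (16 bits), TTL 0, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, advertised_size, 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at `pos`."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if (n & 0xC0) == 0xC0:
            return pos + 2
        pos += 1 + n

def advertised_udp_size(msg):
    """UDP payload size from the OPT record, or None when the message has no EDNS."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 41:
            return rclass
        pos += 10 + rdlen
    return None

def response_limit(client_advertised, configured_max_udp_size):
    """Modelled limit: min of the client's offer and the clamped max-udp-size."""
    if client_advertised is None:
        return 512  # no EDNS: classic DNS UDP limit
    server_max = clamp(configured_max_udp_size, MAX_UDP_SIZE_RANGE)
    return min(max(client_advertised, 512), server_max)  # offers below 512 count as 512
```
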
