[Dnssec-deployment] H3C routers, NAT and NSEC3 problem ?
Phil Regnauld
regnauld at nsrc.org
Fri Oct 22 05:06:07 EDT 2010
Mark Andrews (marka) writes:
>
> > dig @e.ns.se ns eon.se +dnssec # NSEC, works
> > dig @s.nic.dk byferier.dk ns +dnssec # NSEC3, dropped
> > dig @f.ext.nic.fr nic.fr +dnssec # NSEC3, dropped
>
> Which could also just be responses > 512 bytes being dropped.
> The last two are ~800 bytes.
Says rs.dns-oarc.net:
$ dig +short rs.dns-oarc.net txt
rst.x1247.rs.dns-oarc.net.
rst.x1257.x1247.rs.dns-oarc.net.
rst.x1228.x1257.x1247.rs.dns-oarc.net.
"74.125.42.94 DNS reply size limit is at least 1257"
"74.125.42.94 sent EDNS buffer size 1280"
"Tested at 2010-10-22 09:04:12 UTC"
?
More information about the Dnssec-deployment
mailing list