Hi Folks, Anyone else having trouble with .gov DNS failing with edns-udp-size set to 512? Here's what I'm seeing: No edns-udp-size setting. tcpdump -n -s 0 -vv -i eth1 host 209.112.123.30 or host 69.36.157.30 nslookup www.nsf.gov 127.0.0.1 11:42:36.574916 IP (tos 0x0, ttl 64, id 21833, offset 0, flags [none], proto UDP (17), length 68) 71.246.241.146.10399 > 69.36.157.30.53: [udp sum ok] 56983 [1au] A? www.nsf.gov. ar: . OPT UDPsize=4096 OK (40) 11:42:36.659636 IP (tos 0x0, ttl 249, id 54334, offset 0, flags [none], proto UDP (17), length 598) 69.36.157.30.53 > 71.246.241.146.10399: [udp sum ok] 56983- q: A? www.nsf.gov. 0/7/5 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: swirl.nsf.gov. A 198.181.231.15, whirl.nsf.gov. A 198.181.231.16, cyclone.nsf.gov. A 204.14.134.227, twister.nsf.gov. A 198.181.231.17, . OPT UDPsize=1472 (570) edns-udp-size 512 tcpdump -n -s 0 -vv -i eth1 host 209.112.123.30 or host 69.36.157.30 nslookup www.nsf.gov 127.0.0.1 11:53:01.604105 IP (tos 0x0, ttl 64, id 21834, offset 0, flags [none], proto UDP (17), length 68) 71.246.241.146.58103 > 69.36.157.30.53: [udp sum ok] 10320 [1au] A? www.nsf.gov. ar: . OPT UDPsize=512 OK (40) 11:53:01.690414 IP (tos 0x0, ttl 249, id 28744, offset 0, flags [none], proto UDP (17), length 534) 69.36.157.30.53 > 71.246.241.146.58103: [udp sum ok] 10320- q: A? www.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (506) 11:53:01.695000 IP (tos 0x0, ttl 64, id 20662, offset 0, flags [none], proto UDP (17), length 70) 71.246.241.146.23911 > 209.112.123.30.53: [udp sum ok] 18982% [1au] A? whirl.nsf.gov. ar: . OPT UDPsize=512 OK (42) 11:53:01.695489 IP (tos 0x0, ttl 64, id 20663, offset 0, flags [none], proto UDP (17), length 70) 71.246.241.146.63892 > 209.112.123.30.53: [udp sum ok] 3675% [1au] AAAA? whirl.nsf.gov. ar: . OPT UDPsize=512 OK (42) 11:53:01.695931 IP (tos 0x0, ttl 64, id 20664, offset 0, flags [none], proto UDP (17), length 70) 71.246.241.146.37019 > 209.112.123.30.53: [udp sum ok] 36777% [1au] A? swirl.nsf.gov. ar: . OPT UDPsize=512 OK (42) 11:53:01.696274 IP (tos 0x0, ttl 64, id 20665, offset 0, flags [none], proto UDP (17), length 70) 71.246.241.146.15021 > 209.112.123.30.53: [udp sum ok] 13755% [1au] AAAA? swirl.nsf.gov. ar: . OPT UDPsize=512 OK (42) 11:53:01.696653 IP (tos 0x0, ttl 64, id 20666, offset 0, flags [none], proto UDP (17), length 72) 71.246.241.146.38082 > 209.112.123.30.53: [udp sum ok] 14449% [1au] A? cyclone.nsf.gov. ar: . OPT UDPsize=512 OK (44) 11:53:01.697045 IP (tos 0x0, ttl 64, id 20667, offset 0, flags [none], proto UDP (17), length 72) 71.246.241.146.28219 > 209.112.123.30.53: [udp sum ok] 38858% [1au] AAAA? cyclone.nsf.gov. ar: . OPT UDPsize=512 OK (44) 11:53:01.699294 IP (tos 0x0, ttl 64, id 20668, offset 0, flags [none], proto UDP (17), length 72) 71.246.241.146.50745 > 209.112.123.30.53: [udp sum ok] 53248% [1au] A? twister.nsf.gov. ar: . OPT UDPsize=512 OK (44) 11:53:01.700257 IP (tos 0x0, ttl 64, id 20669, offset 0, flags [none], proto UDP (17), length 72) 71.246.241.146.21482 > 209.112.123.30.53: [udp sum ok] 56185% [1au] AAAA? twister.nsf.gov. ar: . OPT UDPsize=512 OK (44) 11:53:01.780833 IP (tos 0x0, ttl 251, id 9453, offset 0, flags [none], proto UDP (17), length 536) 209.112.123.30.53 > 71.246.241.146.23911: [udp sum ok] 18982- q: A? whirl.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508) 11:53:01.781284 IP (tos 0x0, ttl 251, id 24142, offset 0, flags [none], proto UDP (17), length 536) 209.112.123.30.53 > 71.246.241.146.63892: [udp sum ok] 3675- q: AAAA? whirl.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508) 11:53:01.781999 IP (tos 0x0, ttl 251, id 9454, offset 0, flags [none], proto UDP (17), length 536) 209.112.123.30.53 > 71.246.241.146.37019: [udp sum ok] 36777- q: A? swirl.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508) 11:53:01.782136 IP (tos 0x0, ttl 251, id 24143, offset 0, flags [none], proto UDP (17), length 536) 209.112.123.30.53 > 71.246.241.146.15021: [udp sum ok] 13755- q: AAAA? swirl.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508) 11:53:01.782552 IP (tos 0x0, ttl 251, id 9455, offset 0, flags [none], proto UDP (17), length 538) 209.112.123.30.53 > 71.246.241.146.38082: [udp sum ok] 14449- q: A? cyclone.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510) 11:53:01.782937 IP (tos 0x0, ttl 251, id 24144, offset 0, flags [none], proto UDP (17), length 538) 209.112.123.30.53 > 71.246.241.146.28219: [udp sum ok] 38858- q: AAAA? cyclone.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510) 11:53:01.785168 IP (tos 0x0, ttl 251, id 9456, offset 0, flags [none], proto UDP (17), length 538) 209.112.123.30.53 > 71.246.241.146.50745: [udp sum ok] 53248- q: A? twister.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510) 11:53:01.786251 IP (tos 0x0, ttl 251, id 24145, offset 0, flags [none], proto UDP (17), length 538) 209.112.123.30.53 > 71.246.241.146.21482: [udp sum ok] 56185- q: AAAA? twister.nsf.gov. 0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510) So with edns-udp-size set to 512 it looks like the .gov servers (a.gov-servers.net, b.gov-servers.net) refuse to ever return the necessary glue for the nsf.gov DNS servers. Am I reading this right? Thanks, Bill Herrin -- William D. Herrin ................ herrin@dirtside.comĀ bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004