3 May
2011
3 May
'11
1:20 a.m.
* Mark Andrews:
You need an UDP size of at least 1220 for DNSSEC, see RFC 3226, section 3. A query that advertises a smaller buffer size is non-compliant. BIND will send such queries, but this is a controversial feature.
This has been noted before, for example:
From: Mark Andrews <marka@isc.org> Subject: [dnsext] Failure to add glue MUST cause TC to be set. To: dnsext@ietf.org Date: Sun, 20 Feb 2011 08:07:15 +1100 Message-Id: <20110219210716.72943A5602B@drugs.dv.isc.org>
And nameservers that don't set TC when they can't fit glue are broken RFC 1034.
Only if they produce such answers in response to compliant queries. 8-)