I actually HATE this behaviour by TLDs. There is no need to restrict the EDNS UDP size at the authoritative server to prevent fragmentation. If the path blocks fragments the client will adjust their EDNS UDP size to match. If the path supports fragmentation (which is the actual RFC requirement) then the client doesn’t need to switch to TCP. Stop forcing me to use TCP because others can’t configure their firewalls correctly. It’s not your job to correct for their stupidity.
The network doesn’t drop fragments. Firewalls at the client end may and if so it is the client’s responsibility to fix the firewalls. This is self-inflicted pain. If you have local equipment that is dropping fragments FIX IT.

Mark

> On 12 Mar 2019, at 1:02 am, Stéphane Bortzmeyer <bortzme...@nic.fr> wrote:
>
> On Mon, Mar 11, 2019 at 09:39:58PM +1100,
> Mark Andrews <ma...@isc.org> wrote
> a message of 119 lines which said:
>
>> You are using the wrong control.
>> Max-udp-size is what you want.
>
> Thanks it works as expected now.
>
> % dig +ignore @194.0.9.1 DNSKEY ma
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> +ignore @194.0.9.1 DNSKEY ma
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24200
> ;; flags: qr aa tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1432
> ;; QUESTION SECTION:
> ;ma. IN DNSKEY
>
> ;; Query time: 3 msec
> ;; SERVER: 194.0.9.1#53(194.0.9.1)
> ;; WHEN: Mon Mar 11 15:02:18 CET 2019
> ;; MSG SIZE rcvd: 31
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
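
Added example, not part of the original message or of BIND: a small Python parser run over a constructed 31-byte DNS message built to match the header, question and OPT values in the dig output quoted above. It reports the TC bit and the EDNS UDP size the server advertised, which is what tells a client it must retry over TCP. The names `SAMPLE`, `skip_name` and `summarize` are hypothetical.

```python
import struct

# Constructed bytes (not a capture) matching the quoted dig output:
# id 24200, flags qr aa tc rd, 1 question, 0 answers, 1 additional (OPT).
SAMPLE = bytes.fromhex(
    "5e88" "8700" "0001" "0000" "0000" "0001"  # header
    "026d6100" "0030" "0001"                    # question: ma. IN DNSKEY
    "00" "0029" "0598" "00008000" "0000"        # OPT: udp 1432, DO set
)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def summarize(msg):
    """Extract the fields that decide whether a TCP retry is needed."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    edns = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:                # OPT: CLASS carries the UDP size
            edns = {"udp_size": rclass,
                    "version": (ttl >> 16) & 0xFF,
                    "do": bool(ttl & 0x8000)}
    return {"id": ident,
            "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200),  # truncated: retry over TCP
            "answers": an,
            "edns": edns,
            "size": len(msg)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
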