Preparing for upcoming DNSSEC changes on 5/5

Peter Laws plaws at
Mon May 3 17:15:31 UTC 2010

On 01/-10/37 13:59, Kalman Feher wrote:

> Second, make sure the tested effective size appears in your named.conf in
> the options statement "edns-udp-size" on your resolver.
> In your case:
>   edns-udp-size 3843;

Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the test, which I assume is the default.  I, too, get the 3843 "at 
least" value.

Why would I set it to 3843?  Wouldn't I want it to be set to 4096 even if 
*some* device between here and only allows that smaller value?

I just woke up to this issue, sorry to say.  Interestingly, it didn't come 
up (directly) during the Educause webinar about DNSSEC last week (.edu will 
be signed in July).

Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at
Feedback? Contact my director, Craig Cochell, craigc at Thank you!

More information about the bind-users mailing list