Preparing for upcoming DNSSEC changes on 5/5

Mark Andrews marka at isc.org
Tue May 4 04:01:25 UTC 2010


In message <789398EA51916246A8016370EBC0231F0F3DD1 at it-rome.sooner.net.ou.edu>, 
"Laws, Peter C." writes:
> Yes, I get all that.  But earlier in the thread, I noted that:  
> 
> "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the
> dns-oarc.net test, which I assume is the default.  I, too, get the 3843 "at
> least" value.
> 
> "Why would I set it to 3843?  Wouldn't I want it to be set to 4096 even if
> *some* device between here and dns-oarc.net only allows that smaller value?"
>
> We've already had one anecdote of someone that also got 3843, setting
> edns-udp-size, re-running the test and getting a smaller number.  Makes no
> sense to me to set it at less than the 4096-byte default unless *I* had
> faulty network equipment.

You don't need to change anything if it says 3843.  The test does
*not* produce the exact limit of the path.

% dig +short rs.dns-oarc.net txt @::1
;; Truncated, retrying in TCP mode.
rst.x4091.rs.dns-oarc.net.
rst.x3837.x4091.rs.dns-oarc.net.
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"Tested at 2010-05-04 03:48:16 UTC"
"211.30.172.21 sent EDNS buffer size 4096"
"211.30.172.21 DNS reply size limit is at least 4091"

% dig +short rs.dns-oarc.net txt @::1
;; Truncated, retrying in TCP mode.
rst.x3827.rs.dns-oarc.net.
rst.x4049.x3827.rs.dns-oarc.net.
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"2001:470:1f00:820:214:22ff:fed9:fbdc DNS reply size limit is at least 4055"
"Tested at 2010-05-04 03:49:43 UTC"
"2001:470:1f00:820:214:22ff:fed9:fbdc sent EDNS buffer size 4096"

If you do a packet dump you will see lots of different responses to the query
all coming in at the same time.  The first one to re-assemble wins.  This
may not be the biggest.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
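
Added example, not part of the message above and not ISC or DNS-OARC code: because each run of the test reports only an "at least" value, repeated runs can be combined by keeping the largest value seen per resolver address. The sample text is the two runs quoted above plus one constructed run; `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Two runs copied from the message above, plus a third run that is
# CONSTRUCTED for illustration (same IPv4 resolver, smaller result).
SAMPLE = '''\
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"Tested at 2010-05-04 03:48:16 UTC"
"211.30.172.21 sent EDNS buffer size 4096"
"211.30.172.21 DNS reply size limit is at least 4091"
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"2001:470:1f00:820:214:22ff:fed9:fbdc DNS reply size limit is at least 4055"
"Tested at 2010-05-04 03:49:43 UTC"
"2001:470:1f00:820:214:22ff:fed9:fbdc sent EDNS buffer size 4096"
"211.30.172.21 sent EDNS buffer size 4096"
"211.30.172.21 DNS reply size limit is at least 3843"
'''

SENT_RE = re.compile(r'^"(\S+) sent EDNS buffer size (\d+)"$')
LIMIT_RE = re.compile(r'^"(\S+) DNS reply size limit is at least (\d+)"$')


def summarize(text):
    """Collect `dig +short rs.dns-oarc.net txt` output from any number of runs.

    Returns {address: {"advertised": int or None,
                       "lower_bounds": [int, ...],
                       "best": int or None}}.
    Every reported limit is only a lower bound, so the largest one seen
    for an address is the tightest statement available about its path.
    """
    out = defaultdict(lambda: {"advertised": None, "lower_bounds": []})
    for raw in text.splitlines():
        line = raw.strip()
        m = SENT_RE.match(line)
        if m:
            out[m.group(1)]["advertised"] = int(m.group(2))
            continue
        m = LIMIT_RE.match(line)
        if m:
            out[m.group(1)]["lower_bounds"].append(int(m.group(2)))
    for rec in out.values():
        rec["best"] = max(rec["lower_bounds"], default=None)
    return dict(out)


if __name__ == "__main__":
    for addr, rec in summarize(SAMPLE).items():
        print(addr, "advertised", rec["advertised"], "at least", rec["best"])
```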


