Preparing for upcoming DNSSEC changes on 5/5

Lightner, Jeff jlightner at
Tue May 4 12:29:05 UTC 2010

The point in my "anecdote" and the quote from the test was to say that
you do NOT need to set the value if you're getting something within 300
bytes of the advertised value.   You are as I was so do not need to set

It may be the person that suggested setting it was under the
misapprehension that the two values would be the same but the quote from
the Java testing tool made it clear that is NOT the case.

-----Original Message-----
From: at
[ at] On Behalf
Of Mark Andrews
Sent: Tuesday, May 04, 2010 12:01 AM
To: Laws, Peter C.
Cc: bind-users at
Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 

In message
<789398EA51916246A8016370EBC0231F0F3DD1 at>, 
"Laws, Peter C." writes:
> Yes, I get all that.  But earlier in the thread, I noted that:  
> "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run
> test, which I assume is the default.  I, too, get the
3843 "at
> least" value.
> "Why would I set it to 3843?  Wouldn't I want it to be set to 4096
even if
> *some* device between here and only allows that smaller
> We've already had one anecdote of someone that also got 3843, setting
> p-size, re-running the test and getting a smaller number.  Makes no
sense to 
> me to set it at less than the 4096-byte default unless *I* had faulty
>  equipment.

You don't need to change anything if it says 3843.  The test does
*not* produce the exact limit of the path.

% dig +short txt @::1
;; Truncated, retrying in TCP mode.
"Tested at 2010-05-04 03:48:16 UTC"
" sent EDNS buffer size 4096"
" DNS reply size limit is at least 4091"

% dig +short txt @::1
;; Truncated, retrying in TCP mode.
"2001:470:1f00:820:214:22ff:fed9:fbdc DNS reply size limit is at least
"Tested at 2010-05-04 03:49:43 UTC"
"2001:470:1f00:820:214:22ff:fed9:fbdc sent EDNS buffer size 4096"

If you do a packet dump you will see lots of different respones to the
all coming in at the sames time.  The first one to re-assemble wins.
may not be the biggest.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at
bind-users mailing list
bind-users at
Proud partner. Susan G. Komen for the Cure.
Please consider our environment before printing this e-mail or attachments.
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.

More information about the bind-users mailing list