warren at kumari.net
Wed May 5 15:53:01 UTC 2010
On May 4, 2010, at 11:01 AM, Linux Addict wrote:
> On Tue, May 4, 2010 at 10:43 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr
> > wrote:
> On Tue, May 04, 2010 at 10:27:25AM -0400,
> Linux Addict <linuxaddict7 at gmail.com> wrote
> a message of 89 lines which said:
> > lacks EDNS, defaults to 512"
> > DNS reply size limit is at least 490"
> > "Tested at 2010-05-04 14:21:02 UTC"
> You edited the responses (which includes an IP address). Is it the IP
> address of your resolver? There is may be a forwarder which does not
> have EDNS.
> Second possibility, a middlebox mangles your packets and deletes EDNS
> Actually that IP was our external NAT. One information I neglected
> to mention is bind forwards to a tinydns appliance which of course
> does not support DNSSEC for obvious reasons.
> So what are my options now? Will the internet work for me tomorrow?
> At least I have company in Google..
> dig +short rs.dns-oarc.net txt @22.214.171.124
> "126.96.36.199 DNS reply size limit is at least 490"
> "188.8.131.52 lacks EDNS, defaults to 512"
> "Tested at 2010-05-04 15:00:07 UTC"
Actually, we do support EDNS0, but usually only advertise larger
buffers if needed.
For example, if you retry this with +dnssec you should get:
wkumari at colon:/$ dig +dnssec +short rs.dns-oarc.net txt @184.108.40.206
"220.127.116.11 DNS reply size limit is at least 1257"
"18.104.22.168 sent EDNS buffer size 1280"
"Tested at 2010-05-05 15:51:16 UTC"
wkumari at colon:/$
> bind-users mailing list
> bind-users at lists.isc.org
If the bad guys have copies of your MD5 passwords, then you have way
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users