BIND 9.11 no longer respects edns-udp-size?

Tony Finch dot at dotat.at
Mon Mar 11 12:57:02 UTC 2019


Stéphane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> ; <<>> DiG 9.10.3-P4-Debian <<>> @194.0.9.1 DNSKEY ma

To properly diagnose UDP message size issues you need +ignore +notcp on
the command line. (You actually need both options to stop dig using TCP in
all situations.) The response you pasted looked to me like what I get when
dig retries over TCP (except the "Truncated, retrying" notice was
omitted).

> ; EDNS: version: 0, flags: do; udp: 1432

Weirdly, the DO flag here implies you added the +dnssec option but it
wasn't mentioned on the command line.

> You can see here this BIND 9.11 server returning a fragmented answer (precisely
> what we wanted to avoid with edns-udp-size):

Mark answered this part of the question, but I recommend also using
minimal-responses and minimal-any to further reduce the need for
fragmentation or truncation.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Lough Foyle to Carlingford Lough: Southwest 4 or 5, backing south 7 to severe
gale 9, then veering southwest 5 to 7 later. Slight or moderate at first in
east, otherwise moderate or rough, occasionally very rough for a time. Fair
then rain, showers later. Good becoming moderate or poor for a time.
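
The check that `+ignore +notcp` isolates, as an added sketch that is not part of the original message: send one UDP query carrying an EDNS OPT record, never retry over TCP, and read the TC bit and advertised sizes from the datagram that comes back. The function names and the sample truncated reply are constructed for illustration.

```python
import socket
import struct

TC, DO = 0x0200, 0x8000  # header truncation bit; DNSSEC-OK bit in the OPT TTL field

def build_query(name, qtype, udp_size=1432, do=True, qid=0x1234):
    """Query with an EDNS0 OPT record advertising udp_size (as in the quoted output)."""
    labels = [l.encode("ascii") for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD; 1 question, 1 additional
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO if do else 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def query_udp_only(server, msg, timeout=3.0):
    """Send once over UDP and return the raw datagram; never retry over TCP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return s.recvfrom(65535)[0]

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def inspect(msg):
    """Report datagram size, TC bit, and the sender's EDNS UDP size and DO flag."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg)
    off, edns, do = 12, None, False
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:  # OPT: CLASS carries the UDP payload size
            edns, do = rclass, bool(ttl & DO)
    return {"bytes": len(msg), "truncated": bool(flags & TC), "edns_udp_size": edns, "do": do}

# Constructed sample: a truncated reply (QR|AA|TC|RD) that keeps only question and OPT.
_q = build_query("ma", 48, udp_size=4096)
SAMPLE_TRUNCATED = _q[:2] + struct.pack("!H", 0x8700) + _q[4:]

if __name__ == "__main__":
    print(inspect(build_query("ma", 48)))
    print(inspect(SAMPLE_TRUNCATED))
```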


More information about the bind-users mailing list