Code: Select all
success resolving 'whateverdomain/A' (in 'whateverdomain?) after reducing the advertised EDNS UDP packet size to 512 octets.
EDNS UDP packets > 512 octets
EDNS UDP packets > 512 octets
I'm seeing syslog entries several times per day from bind9 along the lines of
Apparently I'm not allowed to post links, but a post on the ISC forum indicates we are probably not permitting UDP > 512 bytes through the firewall.
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: EDNS UDP packets > 512 octets
In our experience it's usually a local net work router causing the problem, rather than an iptables firewall. Try the following with csf enabled and csf disabled:
Note the results. Then:
Then re-enable cxs:
You'll likely find that you get the same results, indicating a local network restriction rather than with the csf configured firewall:
https://www.dns-oarc.net/oarc/services/replysizetest/
Almost all servers that we test give the following result with or without csf enabled:
Code: Select all
dig @127.0.0.1 +short rs.dns-oarc.net txtCode: Select all
cxs -x
dig @127.0.0.1 +short rs.dns-oarc.net txtCode: Select all
cxs -ehttps://www.dns-oarc.net/oarc/services/replysizetest/
Almost all servers that we test give the following result with or without csf enabled:
Code: Select all
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"85.13.195.235 sent EDNS buffer size 4096"
"85.13.195.235 DNS reply size limit is at least 3843 bytes"