[Pdns-users] DNSSEC changes - May 5th

Barron, Josh jbarron at afsnetworks.com
Tue May 4 15:40:59 UTC 2010


Ah ok.  Bad me for not reading up further :(
Thanks for the clarification

-Josh


www.americanfibersystems.com

-----Original Message-----
From: bert hubert [mailto:bert.hubert at netherlabs.nl] 
Sent: Tuesday, May 04, 2010 9:29 AM
To: Barron, Josh
Cc: Pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] DNSSEC changes - May 5th

Please read any of the following:

1) On www.powerdns.com, or directly
http://www.powerdns.com/news/PowerDNS-Rootservers.aspx

2)
http://mailman.powerdns.com/pipermail/pdns-users/2010-April/006674.html
"Repeated statement on non-impact of DNSSEC rollout on PowerDNS
Software".
This also links to the original explanation from March.

3)
https://lists.dns-oarc.net/pipermail/dns-operations/2010-April/005470.html
"PowerDNS & Most Other non-BIND Software Not Impacted by May 5th Root
Servers Event"

The OARC testing site is not clear on what its results mean. Its results
mean you would have a problem if you had been running BIND and were seeing
these results. But you are not.

Kind regards,

Bert Hubert


On Tue, May 04, 2010 at 11:19:36AM -0400, Barron, Josh wrote:
> Hello all,
>
> I've been asked to look into the issues stemming from the changes being
> rolled out in a testing form at the root name servers starting May 5th
> and permanently applied on July 1st.
>
> From my basic reading of the issue, it appears that packet reply sizes
> will be much bigger starting May 5th, and some servers / routers &
> firewalls may not be equipped to handle it.
>
> A test of our recursive server (running PDNS) shows it appears we are
> indeed affected by this.  Does anyone have any advice on what the actual
> issue is?  Is it our servers, our router?  The information out there is
> kind of vague at best.
>
> Below (results of a test to our server using dig and another server):
>
> [jbarron at ops-ns1-srv01 ~]$  dig +short rs.dns-oarc.net txt
> rst.x476.rs.dns-oarc.net.
> rst.x485.x476.rs.dns-oarc.net.
> rst.x490.x485.x476.rs.dns-oarc.net.
> "Tested at 2010-05-04 15:05:36 UTC"
> "216.222.1.2 DNS reply size limit is at least 490"
> "216.222.1.2 lacks EDNS, defaults to 512"
>
> [jbarron at ops-ns1-srv01 ~]$  dig @4.2.2.2 +short rs.dns-oarc.net txt
> rst.x3827.rs.dns-oarc.net.
> rst.x3837.x3827.rs.dns-oarc.net.
> rst.x3843.x3837.x3827.rs.dns-oarc.net.
> "Tested at 2010-05-04 15:08:42 UTC"
> "192.221.163.127 sent EDNS buffer size 4096"
> "192.221.163.127 DNS reply size limit is at least 3843"
>
> Thanks so much!
>
> Josh Barron
> American Fiber Systems
>

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
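
An added example, not part of either e-mail and not OARC or PowerDNS code: a small Python parser for the `dig +short rs.dns-oarc.net txt` output quoted above, extracting the resolver address, whether it advertised EDNS, and the reported reply size limit so runs can be compared side by side. The function and field names are hypothetical, and the line formats are assumed from the two quoted runs only.

```python
import re

# The two runs quoted in the message above, copied as posted.
LOCAL_RUN = """\
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"Tested at 2010-05-04 15:05:36 UTC"
"216.222.1.2 DNS reply size limit is at least 490"
"216.222.1.2 lacks EDNS, defaults to 512"
"""
REMOTE_RUN = """\
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2010-05-04 15:08:42 UTC"
"192.221.163.127 sent EDNS buffer size 4096"
"192.221.163.127 DNS reply size limit is at least 3843"
"""

# TXT line formats, assumed from those two runs only.
TESTED = re.compile(r"Tested at (.+)")
LIMIT = re.compile(r"(\S+) DNS reply size limit is at least (\d+)")
EDNS = re.compile(r"(\S+) sent EDNS buffer size (\d+)")
NO_EDNS = re.compile(r"(\S+) lacks EDNS, defaults to (\d+)")

def parse_reply_size_test(output):
    """Hypothetical helper: turn the dig +short output into a dict."""
    r = {"cname_chain": [], "tested_at": None, "resolver": None, "edns": None,
         "buffer_size": None, "reply_size_limit": None, "unparsed": []}
    for raw in output.splitlines():
        line = raw.lstrip("> ").strip()   # tolerate "> " mail quoting
        if not line:
            continue
        if not line.startswith('"'):      # CNAME chain entries are unquoted
            r["cname_chain"].append(line)
            continue
        text = line.strip('"')
        if m := TESTED.fullmatch(text):
            r["tested_at"] = m.group(1)
        elif m := LIMIT.fullmatch(text):
            r["resolver"], r["reply_size_limit"] = m.group(1), int(m.group(2))
        elif m := EDNS.fullmatch(text):   # resolver advertised an EDNS buffer
            r["resolver"], r["edns"], r["buffer_size"] = m.group(1), True, int(m.group(2))
        elif m := NO_EDNS.fullmatch(text):  # no EDNS: size is the stated default
            r["resolver"], r["edns"], r["buffer_size"] = m.group(1), False, int(m.group(2))
        else:
            r["unparsed"].append(text)    # keep unknown lines for inspection
    return r
```

Pass only the dig output itself (not the shell prompt line); anything in quotes that does not match the assumed formats ends up in `unparsed` rather than being dropped.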



