DNS/dns-operations/2019について、ここに記述してください。

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018259.html

Verisign TLDs, some other servers may trim critical glue from very large referrals
Matt Nordhoff lists at mn0.us
Fri Jan 4 12:33:47 UTC 2019

{{{
$ dig +bufsize=512 +dnssec +norecurse @b.edu-servers.net chattanoogastate.edu
}}}



== 512 ==

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018270.html

Some authoritative servers honor ICMP requests to lower the path MTU to
very small values (which is why I think a client-side workaround is
rather incomplete).  512 is just the lowest value you can use.

> Also, the proper protection against the Shulman fragmentation attack
> is DNSSEC.

This is not something a CA can enable, though.

Thanks,
Florian

<<MonthCalendar(,,,,,False)>>