DNS/dns-operations/2019について、ここに記述してください。

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018259.html

Verisign TLDs, some other servers may trim critical glue from very large referrals Matt Nordhoff lists at mn0.us Fri Jan 4 12:33:47 UTC 2019

$ dig +bufsize=512 +dnssec +norecurse @b.edu-servers.net chattanoogastate.edu

1. 512

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018270.html

Some authoritative servers honor ICMP requests to lower the path MTU to very small values (which is why I think a client-side workaround is rather incomplete). 512 is just the lowest value you can use.

> Also, the proper protection against the Shulman fragmentation attack > is DNSSEC.

This is not something a CA can enable, though.

Thanks, Florian

<< <  2024 / 6 >  >>
Mon Tue Wed Thu Fri Sat Sun
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30