DNS/dns-operations/2019について、ここに記述してください。

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018259.html

Verisign TLDs, some other servers may trim critical glue from very large referrals Matt Nordhoff lists at mn0.us Fri Jan 4 12:33:47 UTC 2019

$ dig +bufsize=512 +dnssec +norecurse @b.edu-servers.net chattanoogastate.edu

1. 512

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018270.html

Some authoritative servers honor ICMP requests to lower the path MTU to very small values (which is why I think a client-side workaround is rather incomplete). 512 is just the lowest value you can use.

> Also, the proper protection against the Shulman fragmentation attack > is DNSSEC.

This is not something a CA can enable, though.

Thanks, Florian

<< <  2024 / 12 >  >>
Mon Tue Wed Thu Fri Sat Sun
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31