DNS/dns-operations/2019 - moin.dnsq.info

DNS/dns-operations/2019について、ここに記述してください。

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018259.html

Verisign TLDs, some other servers may trim critical glue from very large referrals Matt Nordhoff lists at mn0.us Fri Jan 4 12:33:47 UTC 2019

$ dig +bufsize=512 +dnssec +norecurse @b.edu-servers.net chattanoogastate.edu

1. 512

https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018270.html

Some authoritative servers honor ICMP requests to lower the path MTU to very small values (which is why I think a client-side workaround is rather incomplete). 512 is just the lowest value you can use.

> Also, the proper protection against the Shulman fragmentation attack > is DNSSEC.

This is not something a CA can enable, though.

Thanks, Florian

<< < 2025 / 7 > >>
Mon	Tue	Wed	Thu	Fri	Sat	Sun
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

<< < 2025 / 7 > >>
Mon	Tue	Wed	Thu	Fri	Sat	Sun
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

<< < 2025 / 7 > >>
Mon	Tue	Wed	Thu	Fri	Sat	Sun
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

MoinQ: DNS/dns-operations/2019

1. 512

<< < 2025 / 7 > >>
Mon	Tue	Wed	Thu	Fri	Sat	Sun
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31