search for: replysizetest

...s with EDNS support on a few Centos 6.3 bind servers. I am trying to determine if the problem is my Juniper SSG5 firewall of Centos. All the servers have firewall enabled, though I have tested with stopping iptables and ip6tables. I am using tests from: https://www.dns-oarc.net/oarc/services/replysizetest dig @localhost +short rs.dns-oarc.net txt gets: ;; Truncated, retrying in TCP mode. Is anyone here running bind on their server and can run this command from the server? If you are not getting this truncation, then my problem is the firewall. If you are, then either you have figured out th...

...problems. The reason is that some older networking equipment is pre-configured to block any reply to a DNS request that exceeds 512 bytes in size. DNSSEC replies are typically four times as large. --- end excerpt --- I followed the link from the story to <https://www.dns-oarc.net/oarc/services/replysizetest>, a coordinating organization, and tried their test (as root): dig +short rs.dns-oarc.net txt And see that where I work, we're not ready. Is anyone following this, and/or have a HOWTO on enabling it for CentOS? mark (need to check this at home, too)