[CentOS] EDNS support
Robert Moskowitz
rgm at htt-consult.com
Fri Mar 1 16:39:37 UTC 2013
On 03/01/2013 11:25 AM, Tilman Schmidt wrote:
> On 01.03.2013 16:56, Robert Moskowitz wrote:
>> I am having problems with EDNS support on a few CentOS 6.3 bind
>> servers. I am trying to determine if the problem is my Juniper SSG5
>> firewall or CentOS.
>>
>> All the servers have firewall enabled, though I have tested with
>> stopping iptables and ip6tables. I am using tests from:
>>
>> https://www.dns-oarc.net/oarc/services/replysizetest
>>
>> dig @localhost +short rs.dns-oarc.net txt
>>
>> gets:
>>
>> ;; Truncated, retrying in TCP mode.
>>
>> Is anyone here running bind on their server and can run this command
>> from the server? If you are not getting this truncation, then my
>> problem is the firewall. If you are, then either you have figured out
>> the magic for CentOS or something like that...
> With bind-9.3.6-20.P1.el5_8.6 on CentOS 5.9 behind a Juniper SSG140:
>
> [ts@dns01 ~]$ dig @localhost +short rs.dns-oarc.net txt
> rst.x996.rs.dns-oarc.net.
> rst.x1956.x996.rs.dns-oarc.net.
> rst.x2442.x1956.x996.rs.dns-oarc.net.
> "Tested at 2013-03-01 16:18:18 UTC"
> "x.x.x.3 sent EDNS buffer size 4096"
> "x.x.x.3 DNS reply size limit is at least 2442"
> [ts@dns01 ~]$
>
> IPv6 works equally well:
>
> [ts@dns01 ~]$ dig @localhost6 +short rs.dns-oarc.net txt
> rst.x3827.rs.dns-oarc.net.
> rst.x4049.x3827.rs.dns-oarc.net.
> rst.x4055.x4049.x3827.rs.dns-oarc.net.
> "x:x:x:x:x:x:x:7509 sent EDNS buffer size 4096"
> "x:x:x:x:x:x:x:7509 DNS reply size limit is at least 4055"
> "Tested at 2013-03-01 16:21:29 UTC"
> [ts@dns01 ~]$
As I said, mine is the Juniper SSG5. I do have current firmware
(supposedly) on it to fix an IPv6 outbound routing problem.
SSG140 runs a different OS.
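
The test output quoted in this thread reports the "EDNS buffer size" the resolver sent, and dig retries over TCP when a UDP reply arrives with the truncation (TC) flag set. As an added illustration (not part of the original messages), this Python sketch builds a query carrying an EDNS0 OPT record as defined in RFC 6891 and reads both values back from a DNS message; the function names, query ID and sample reply are constructed for the example.

```python
import struct

OPT, TXT = 41, 16  # RR types: EDNS0 OPT pseudo-record (RFC 6891) and TXT

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=TXT, bufsize=4096, qid=0x1234):
    """DNS query with one OPT record advertising `bufsize` as UDP payload size."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS=payload size, TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def inspect(msg):
    """Return (tc_flag, edns_bufsize or None) for a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    bufsize = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            bufsize = rclass  # OPT reuses CLASS for the sender's UDP payload size
    return bool(flags & 0x0200), bufsize  # 0x0200 is the TC bit

# Constructed sample data: the query above, and a reply to it with QR, TC, RD and RA
# set and no OPT record (the TC bit is what makes dig retry over TCP).
QUERY = build_query("rs.dns-oarc.net")
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:-11]
```

Running `inspect` over packets captured on each side of a firewall shows whether the OPT record and its advertised size survive the path.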