On 01.03.2013 16:56, Robert Moskowitz wrote:
> I am having problems with EDNS support on a few Centos 6.3 bind
> servers. I am trying to determine if the problem is my Juniper SSG5
> firewall or Centos.
>
> All the servers have firewall enabled, though I have tested with
> stopping iptables and ip6tables. I am using tests from:
>
> https://www.dns-oarc.net/oarc/services/replysizetest
>
> dig @localhost +short rs.dns-oarc.net txt
>
> gets:
>
> ;; Truncated, retrying in TCP mode.
>
> Is anyone here running bind on their server and can run this command
> from the server? If you are not getting this truncation, then my
> problem is the firewall. If you are, then either you have figured out
> the magic for Centos or something like that...

With bind-9.3.6-20.P1.el5_8.6 on CentOS 5.9 behind a Juniper SSG140:

[ts@dns01 ~]$ dig @localhost +short rs.dns-oarc.net txt
rst.x996.rs.dns-oarc.net.
rst.x1956.x996.rs.dns-oarc.net.
rst.x2442.x1956.x996.rs.dns-oarc.net.
"Tested at 2013-03-01 16:18:18 UTC"
"x.x.x.3 sent EDNS buffer size 4096"
"x.x.x.3 DNS reply size limit is at least 2442"
[ts@dns01 ~]$

IPv6 works equally well:

[ts@dns01 ~]$ dig @localhost6 +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x4049.x3827.rs.dns-oarc.net.
rst.x4055.x4049.x3827.rs.dns-oarc.net.
"x:x:x:x:x:x:x:7509 sent EDNS buffer size 4096"
"x:x:x:x:x:x:x:7509 DNS reply size limit is at least 4055"
"Tested at 2013-03-01 16:21:29 UTC"
[ts@dns01 ~]$

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
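Added example, not part of the original message or of the DNS-OARC tooling: a small Python parser for the `dig +short rs.dns-oarc.net txt` output quoted in this thread, so the same check can be compared across several resolvers. The sample inputs are constructed from the output shown above; the function names and verdict labels are assumptions of this example.

```python
import re

# Constructed samples, modelled on the dig output quoted in the thread.
SAMPLE_OK = '''rst.x996.rs.dns-oarc.net.
rst.x1956.x996.rs.dns-oarc.net.
rst.x2442.x1956.x996.rs.dns-oarc.net.
"Tested at 2013-03-01 16:18:18 UTC"
"x.x.x.3 sent EDNS buffer size 4096"
"x.x.x.3 DNS reply size limit is at least 2442"
'''
SAMPLE_TRUNCATED = ";; Truncated, retrying in TCP mode.\n"

CLASSIC_UDP_LIMIT = 512  # largest DNS message over UDP without EDNS (RFC 1035)


def parse_replysize(text):
    """Extract the fields of a reply-size test from `dig +short` output."""
    result = {"truncated": False, "edns_buffer": None,
              "reply_limit": None, "probe_sizes": []}
    for raw in text.splitlines():
        line = raw.strip().strip('"')
        if line.startswith(";; Truncated"):
            # dig's notice that the UDP answer had the TC bit set
            result["truncated"] = True
            continue
        m = re.match(r"rst\.x(\d+)\.", line)
        if m:
            # Number in the first label of each CNAME; in the thread's
            # output the last one equals the reported limit.
            result["probe_sizes"].append(int(m.group(1)))
            continue
        m = re.search(r"sent EDNS buffer size (\d+)", line)
        if m:
            result["edns_buffer"] = int(m.group(1))
            continue
        m = re.search(r"DNS reply size limit is at least (\d+)", line)
        if m:
            result["reply_limit"] = int(m.group(1))
    return result


def classify(result):
    """Label a parsed result (labels are this example's own)."""
    if result["reply_limit"] is None:
        return "truncated-no-result" if result["truncated"] else "no-result"
    if result["reply_limit"] > CLASSIC_UDP_LIMIT:
        return "large-udp-ok"       # replies above 512 bytes got through
    return "classic-512-only"       # nothing larger than plain DNS arrived
```

To use it on a live resolver, pass in the text captured from the `dig` command shown in the thread.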