The below tests indicate the the google public dns servers will start
failing, at that time.
Will the software be updated in time?
The first test shows a bind 9.6.1 server that does support EDNS.
]# dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2010-04-14 18:16:23 UTC"
"216.240.0.1 sent EDNS buffer size 4096"
"216.240.0.1 DNS reply size limit is at least 3843"
The following tests show the google public dns servers cannot
handle larger replies ...
# dig @8.8.8.8 +short rs.dns-oarc.net txt
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"74.125.94.94 DNS reply size limit is at least 490"
"74.125.94.94 lacks EDNS, defaults to 512"
"Tested at 2010-04-14 18:16:34 UTC"
# dig @8.8.4.4 +short rs.dns-oarc.net txt
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"74.125.94.94 DNS reply size limit is at least 490"
"74.125.94.94 lacks EDNS, defaults to 512"
"Tested at 2010-04-14 18:16:34 UTC"
Regards, Dave Hodgins
As per http://www.theregister.co.uk/2010/04/13/dnssec/
on May 5th, the root servers will start returning signed dns
replies.
The below tests indicate the the google public dns servers will start
failing, at that time.
--
========================================================
You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dn...@googlegroups.com
To unsubscribe from this group, send email to
public-dns-disc...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/public-dns-discuss?hl=en
For more information on Google Public DNS, please visit
http://code.google.com/speed/public-dns
========================================================
To unsubscribe, reply using "remove me" as the subject.
On Apr 14, 3:15 pm, Alex Nizhner <nizh...@google.com> wrote:
> The signed root zone won't break Google Public DNS. We do support EDNS0,
> but don't always advertise larger buffer sizes to authorities unless
> necessary (e.g., try the oarc test with +dnssec).
Ok, thanks for the reply. Testing with +dnssec shows
# dig @8.8.8.8 +dnssec +short rs.dns-oarc.net txt
rst.x1247.rs.dns-oarc.net.
rst.x1257.x1247.rs.dns-oarc.net.
rst.x1228.x1257.x1247.rs.dns-oarc.net.
"74.125.94.94 DNS reply size limit is at least 1257"
"74.125.94.94 sent EDNS buffer size 1280"
"Tested at 2010-04-14 19:18:24 UTC"
Thanks for the info.