Mailing List Archive

1 2 3 4 5 6 7 8 9  View All
Re: Common operational misconceptions [ In reply to ]
A few for me that come to mind which haven't been covered yet.

*) Latency, jitter, etc when pinging a router means packets going
through the router suffer the same fate.

Never fails that I get a call about the latency changes that occur every
60 seconds, especially on software based routers. uh, huh.

*) admin/admin is okay in a private network behind a firewall

Oh, look, a console port!

*) Assign arbitrary MTUs in a layer 2 transport network based on exactly
what customers order.

*) MTU/packet/frame/ping size means the same thing on all vendors.

*) If Wireshark looks right, it must be right (unless Windows discarded
1 (and only 1) layer of 802.1q tags)

*) Upgrades should always be done, even when there's no relevant
security or functionality that is needed in newer code.

Amazing how many code changes break things which don't necessarily show
up in test environments but will show in production networks (Your mpls
worked for months with an invalid router-id configured, and then broke
when you change codes? DHCP worked fine, but after upgrade quit
accepting <300 byte DHCP packets?).


Jack
Re: Common operational misconceptions [ In reply to ]
In message <4F3C2E47.80903@dougbarton.us>, Doug Barton writes:
>
> DNS only uses UDP
> DNS only uses 512 byte UDP packets
>
> or maybe just..
>
> DNS is easy

Or that it is correct/does no harm to filter fragmented packet / icmp.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Re: Common operational misconceptions [ In reply to ]
Something that makes me crawl out of my skin is when they refer to an access point as "router".

-Mario Eirea

On Feb 15, 2012, at 3:47 PM, "John Kristoff" <jtk@cymru.com> wrote:

> Hi friends,
>
> As some of you may know, I occasionally teach networking to college
> students and I frequently encounter misconceptions about some aspect
> of networking that can take a fair amount of effort to correct.
>
> For instance, a topic that has come up on this list before is how the
> inappropriate use of classful terminology is rampant among students,
> books and often other teachers. Furthermore, the terminology isn't even
> always used correctly in the original context of classful addressing.
>
> I have a handful of common misconceptions that I'd put on a top 10 list,
> but I'd like to solicit from this community what it considers to be the
> most annoying and common operational misconceptions future operators
> often come at you with.
>
> I'd prefer replies off-list and can summarize back to the list if
> there is interest.
>
> John
>
Re: Common operational misconceptions [ In reply to ]
I whole-heartedly agree with that last one.

-Grant

On Wed, Feb 15, 2012 at 8:07 PM, Mario Eirea <meirea@charterschoolit.com>wrote:

> Something that makes me crawl out of my skin is when they refer to an
> access point as "router".
>
> -Mario Eirea
>
> On Feb 15, 2012, at 3:47 PM, "John Kristoff" <jtk@cymru.com> wrote:
>
> > Hi friends,
> >
> > As some of you may know, I occasionally teach networking to college
> > students and I frequently encounter misconceptions about some aspect
> > of networking that can take a fair amount of effort to correct.
> >
> > For instance, a topic that has come up on this list before is how the
> > inappropriate use of classful terminology is rampant among students,
> > books and often other teachers. Furthermore, the terminology isn't even
> > always used correctly in the original context of classful addressing.
> >
> > I have a handful of common misconceptions that I'd put on a top 10 list,
> > but I'd like to solicit from this community what it considers to be the
> > most annoying and common operational misconceptions future operators
> > often come at you with.
> >
> > I'd prefer replies off-list and can summarize back to the list if
> > there is interest.
> >
> > John
> >
>
>
Re: Common operational misconceptions [ In reply to ]
On 2012.02.15 19:55, Nathan Eisenberg wrote:
>> IPv6 is operational.
>
> How is this a misconception? It works fine for me...

Imagine an operator who is v6 ignorant, with a home provider who
implements v6 half-assed, and tries to access a v6 site that has perhaps
v6-only accessible nameservers, when their provider who 'offers' v6 has
resolvers that operate only over v4.

*huge* misconception about the operational status of IPv6 (imho).

Steve
Re: Common operational misconceptions [ In reply to ]
On 2012.02.15 19:19, Masataka Ohta wrote:

> IPv6 is operational.

This is an intriguing statement. Any ops/eng I know who have claimed
this, actually know what they are talking about, so it is factual. I've
never heard anyone claim this in a way that could be a misconception.

I state further in this sub-thread how the opposite could be true though :)

Steve
Re: Common operational misconceptions [ In reply to ]
On Wed, Feb 15, 2012 at 5:49 PM, Carsten Bormann <cabo@tzi.org> wrote:
> On Feb 15, 2012, at 23:36, Chuck Anderson wrote:
>
>> security
>
> That must be the top of the list:

as a segue to....

> NATs provide security
Re: Common operational misconceptions [ In reply to ]
In message <4F3C6703.4050607@gmail.com>, Steve Bertrand writes:
> On 2012.02.15 19:55, Nathan Eisenberg wrote:
> >> IPv6 is operational.
> >
> > How is this a misconception? It works fine for me...
>
> Imagine an operator who is v6 ignorant, with a home provider who
> implements v6 half-assed, and tries to access a v6 site that has perhaps
> v6-only accessible nameservers, when their provider who 'offers' v6 has
> resolvers that operate only over v4.
>
> *huge* misconception about the operational status of IPv6 (imho).

This doesn't prove that IPv6 is not operational. All it proves is
people can misconfigure things. If you provide the recursive
nameservers with IPv6 access they will make queries over IPv6 even
if they only accept queries over IPv4.

If you want to know if your resolver talks IPv6 to the world and
supports 4096 EDNS UDP messages the following query will tell you.

dig edns-v6-ok.isc.org txt

Similarly for IPv4.

dig edns-v4-ok.isc.org txt

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Re: Common operational misconceptions [ In reply to ]
Mark Andrews wrote:

> This doesn't prove that IPv6 is not operational. All it proves is
> people can misconfigure things.

How do operators configure their equipments to treat
ICMP packet too big generated against multicast and
unicast?

Note that, even if they do not enable inter-subnet
multicast in their domains, the ICMP packets may
still transit over or implode within their domains.

Note also that some network processors can't efficiently
distinguish ICMP packets generated against multicast and
unicast.

Masataka Ohta
Re: Common operational misconceptions [ In reply to ]
Not understanding RFC1918. Actually got read the riot act by someone
because I worked for an organization that used 10.0.0.0/8 and that was
"their" network and "they" owned it.

Chuck

2012/2/15 Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>

> Mark Andrews wrote:
>
> > This doesn't prove that IPv6 is not operational. All it proves is
> > people can misconfigure things.
>
> How do operators configure their equipments to treat
> ICMP packet too big generated against multicast and
> unicast?
>
> Note that, even if they do not enable inter-subnet
> multicast in their domains, the ICMP packets may
> still transit over or implode within their domains.
>
> Note also that some network processors can't efficiently
> distinguish ICMP packets generated against multicast and
> unicast.
>
> Masataka Ohta
>
>
Re: Common operational misconceptions [ In reply to ]
In message <4F3C76D5.9040603@necom830.hpcl.titech.ac.jp>, Masataka Ohta writes:
> Mark Andrews wrote:
>
> > This doesn't prove that IPv6 is not operational. All it proves is
> > people can misconfigure things.
>
> How do operators configure their equipments to treat
> ICMP packet too big generated against multicast and
> unicast?

Well you need to go out of your way to get a ICMP PTB for IPv6
multicast as the default is to fragment multicast packets at the
source at network minimum mtu (RFC3542 - May 2003). That's not to
say it won't happen.

As for generation of PTB you rate limit them the way you do for
IPv4.

> Note that, even if they do not enable inter-subnet
> multicast in their domains, the ICMP packets may
> still transit over or implode within their domains.
>
> Note also that some network processors can't efficiently
> distinguish ICMP packets generated against multicast and
> unicast.

And why do you need to distingish them? You look at the inner
packet not the ICMP source if you want to rate limit return traffic.

> Masataka Ohta
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Re: Common operational misconceptions [ In reply to ]
On 2012.02.15 22:12, Mark Andrews wrote:
> In message<4F3C6703.4050607@gmail.com>, Steve Bertrand writes:
>> On 2012.02.15 19:55, Nathan Eisenberg wrote:
>>>> IPv6 is operational.
>>>
>>> How is this a misconception? It works fine for me...
>>
>> Imagine an operator who is v6 ignorant, with a home provider who
>> implements v6 half-assed, and tries to access a v6 site that has perhaps
>> v6-only accessible nameservers, when their provider who 'offers' v6 has
>> resolvers that operate only over v4.
>>
>> *huge* misconception about the operational status of IPv6 (imho).
>
> This doesn't prove that IPv6 is not operational. All it proves is
> people can misconfigure things. If you provide the recursive
> nameservers with IPv6 access they will make queries over IPv6 even
> if they only accept queries over IPv4.
>
> If you want to know if your resolver talks IPv6 to the world and
> supports 4096 EDNS UDP messages the following query will tell you.
>
> dig edns-v6-ok.isc.org txt
>
> Similarly for IPv4.
>
> dig edns-v4-ok.isc.org txt

Thank you :)

Steve
Re: Common operational misconceptions [ In reply to ]
"IS-IS is a legacy protocol that nobody uses"


15.02.2012 22:47, John Kristoff kirjoitti:
> Hi friends,
>
> As some of you may know, I occasionally teach networking to college
> students and I frequently encounter misconceptions about some aspect
> of networking that can take a fair amount of effort to correct.
>
> For instance, a topic that has come up on this list before is how the
> inappropriate use of classful terminology is rampant among students,
> books and often other teachers. Furthermore, the terminology isn't even
> always used correctly in the original context of classful addressing.
>
> I have a handful of common misconceptions that I'd put on a top 10 list,
> but I'd like to solicit from this community what it considers to be the
> most annoying and common operational misconceptions future operators
> often come at you with.
>
> I'd prefer replies off-list and can summarize back to the list if
> there is interest.
>
> John
>
RE: Common operational misconceptions [ In reply to ]
How widespread would you say the use of IS-IS is?

Even more as to which routing protocols are used, not just in ISPs, what
percent would you give to the various ones. In other words X percent of
organizations use OSPS, Y percent use EIGRP, and so on.

-----Original Message-----
From: Antti Ristimäki [mailto:antti.ristimaki@gmx.com]
Sent: Wednesday, February 15, 2012 10:47 PM
To: John Kristoff
Cc: nanog@nanog.org
Subject: Re: Common operational misconceptions

"IS-IS is a legacy protocol that nobody uses"


15.02.2012 22:47, John Kristoff kirjoitti:
> Hi friends,
>
> As some of you may know, I occasionally teach networking to college
> students and I frequently encounter misconceptions about some aspect
> of networking that can take a fair amount of effort to correct.
>
> For instance, a topic that has come up on this list before is how the
> inappropriate use of classful terminology is rampant among students,
> books and often other teachers. Furthermore, the terminology isn't
> even always used correctly in the original context of classful addressing.
>
> I have a handful of common misconceptions that I'd put on a top 10
> list, but I'd like to solicit from this community what it considers to
> be the most annoying and common operational misconceptions future
> operators often come at you with.
>
> I'd prefer replies off-list and can summarize back to the list if
> there is interest.
>
> John
>
Re: Common operational misconceptions [ In reply to ]
On 2/15/12 21:04 , Kenneth M. Chipps Ph.D. wrote:
> How widespread would you say the use of IS-IS is?
>
> Even more as to which routing protocols are used, not just in ISPs, what
> percent would you give to the various ones. In other words X percent of
> organizations use OSPS, Y percent use EIGRP, and so on.

Using EIGRP implies your routed IGP dependent infrastructure is a
monoculture. That's probably infeasible without compromise even if you
are largely a Cisco shop.

ISIS is used in organizations other than ISPs.

> -----Original Message-----
> From: Antti Ristimäki [mailto:antti.ristimaki@gmx.com]
> Sent: Wednesday, February 15, 2012 10:47 PM
> To: John Kristoff
> Cc: nanog@nanog.org
> Subject: Re: Common operational misconceptions
>
> "IS-IS is a legacy protocol that nobody uses"
>
>
> 15.02.2012 22:47, John Kristoff kirjoitti:
>> Hi friends,
>>
>> As some of you may know, I occasionally teach networking to college
>> students and I frequently encounter misconceptions about some aspect
>> of networking that can take a fair amount of effort to correct.
>>
>> For instance, a topic that has come up on this list before is how the
>> inappropriate use of classful terminology is rampant among students,
>> books and often other teachers. Furthermore, the terminology isn't
>> even always used correctly in the original context of classful addressing.
>>
>> I have a handful of common misconceptions that I'd put on a top 10
>> list, but I'd like to solicit from this community what it considers to
>> be the most annoying and common operational misconceptions future
>> operators often come at you with.
>>
>> I'd prefer replies off-list and can summarize back to the list if
>> there is interest.
>>
>> John
>>
>
>
>
>
>
>
RE: Common operational misconceptions [ In reply to ]
"ISIS is used in organizations other than ISPs" Any examples you can share
of some other than ISPs?

-----Original Message-----
From: Joel jaeggli [mailto:joelja@bogus.com]
Sent: Wednesday, February 15, 2012 11:58 PM
To: Kenneth M. Chipps Ph.D.
Cc: nanog@nanog.org
Subject: Re: Common operational misconceptions

On 2/15/12 21:04 , Kenneth M. Chipps Ph.D. wrote:
> How widespread would you say the use of IS-IS is?
>
> Even more as to which routing protocols are used, not just in ISPs,
> what percent would you give to the various ones. In other words X
> percent of organizations use OSPS, Y percent use EIGRP, and so on.

Using EIGRP implies your routed IGP dependent infrastructure is a
monoculture. That's probably infeasible without compromise even if you are
largely a Cisco shop.

ISIS is used in organizations other than ISPs.

> -----Original Message-----
> From: Antti Ristimäki [mailto:antti.ristimaki@gmx.com]
> Sent: Wednesday, February 15, 2012 10:47 PM
> To: John Kristoff
> Cc: nanog@nanog.org
> Subject: Re: Common operational misconceptions
>
> "IS-IS is a legacy protocol that nobody uses"
>
>
> 15.02.2012 22:47, John Kristoff kirjoitti:
>> Hi friends,
>>
>> As some of you may know, I occasionally teach networking to college
>> students and I frequently encounter misconceptions about some aspect
>> of networking that can take a fair amount of effort to correct.
>>
>> For instance, a topic that has come up on this list before is how the
>> inappropriate use of classful terminology is rampant among students,
>> books and often other teachers. Furthermore, the terminology isn't
>> even always used correctly in the original context of classful
addressing.
>>
>> I have a handful of common misconceptions that I'd put on a top 10
>> list, but I'd like to solicit from this community what it considers
>> to be the most annoying and common operational misconceptions future
>> operators often come at you with.
>>
>> I'd prefer replies off-list and can summarize back to the list if
>> there is interest.
>>
>> John
>>
>
>
>
>
>
>
Re: Common operational misconceptions [ In reply to ]
Mark Andrews wrote:

> Well you need to go out of your way to get a ICMP PTB for IPv6
> multicast as the default is to fragment multicast packets at the
> source at network minimum mtu (RFC3542 - May 2003). That's not to
> say it won't happen.

Yes, it will happen, because RFC3542 was, as was discussed
in IETF, written not to prohibit multicast PMTUD.

So, the problem is real.

> As for generation of PTB you rate limit them the way you do for
> IPv4.

A problem is that a lot of ICMP packet too big against unicast
is generated, because PMTUD requires hosts periodically try to
send a packet a little larger than the current PMTU.

BTW, that's why IPv6, which inhibit fragmentation by routers,
is no better than IPv4 with fragmentation enabled, because,
periodic generation of ICMP packet too big by routers is as
painful as periodic fragmentation by routers.

>> Note also that some network processors can't efficiently
>> distinguish ICMP packets generated against multicast and
>> unicast.

> And why do you need to distingish them?

We don't need to. Instead, we can just give up to use PMTUD
entirely and just send packets of 1280B or less. A problem
is that a tunnel over 1280B PMTU must always fragment 1280B
payload.

> You look at the inner
> packet not the ICMP source if you want to rate limit return traffic.

That is a possible problem.

Destination address of inner packet is located far inside
of the ICMP (beyond 64B) that it can not be used for
intrinsic filtering capability of some network processors.

Masataka Ohta
Re: Common operational misconceptions [ In reply to ]
Some recent questions from interview and lab sessions I took.

- I've allowed vlan X on trunk but still its not working? why do I have to
create it on every switch?
- any-any rules on firewall with AV enabled is better.
- ACL inboud/outbout misconcept. Always end up cutting the rope.
- BGP is for ISPs only.
- MPLS is for security and is fast.

Regards,

Aftab A. Siddiqui


On Thu, Feb 16, 2012 at 11:00 AM, Kenneth M. Chipps Ph.D. <chipps@chipps.com
> wrote:

> "ISIS is used in organizations other than ISPs" Any examples you can share
> of some other than ISPs?
>
> -----Original Message-----
> From: Joel jaeggli [mailto:joelja@bogus.com]
> Sent: Wednesday, February 15, 2012 11:58 PM
> To: Kenneth M. Chipps Ph.D.
> Cc: nanog@nanog.org
> Subject: Re: Common operational misconceptions
>
> On 2/15/12 21:04 , Kenneth M. Chipps Ph.D. wrote:
> > How widespread would you say the use of IS-IS is?
> >
> > Even more as to which routing protocols are used, not just in ISPs,
> > what percent would you give to the various ones. In other words X
> > percent of organizations use OSPS, Y percent use EIGRP, and so on.
>
> Using EIGRP implies your routed IGP dependent infrastructure is a
> monoculture. That's probably infeasible without compromise even if you are
> largely a Cisco shop.
>
> ISIS is used in organizations other than ISPs.
>
> > -----Original Message-----
> > From: Antti Ristimäki [mailto:antti.ristimaki@gmx.com]
> > Sent: Wednesday, February 15, 2012 10:47 PM
> > To: John Kristoff
> > Cc: nanog@nanog.org
> > Subject: Re: Common operational misconceptions
> >
> > "IS-IS is a legacy protocol that nobody uses"
> >
> >
> > 15.02.2012 22:47, John Kristoff kirjoitti:
> >> Hi friends,
> >>
> >> As some of you may know, I occasionally teach networking to college
> >> students and I frequently encounter misconceptions about some aspect
> >> of networking that can take a fair amount of effort to correct.
> >>
> >> For instance, a topic that has come up on this list before is how the
> >> inappropriate use of classful terminology is rampant among students,
> >> books and often other teachers. Furthermore, the terminology isn't
> >> even always used correctly in the original context of classful
> addressing.
> >>
> >> I have a handful of common misconceptions that I'd put on a top 10
> >> list, but I'd like to solicit from this community what it considers
> >> to be the most annoying and common operational misconceptions future
> >> operators often come at you with.
> >>
> >> I'd prefer replies off-list and can summarize back to the list if
> >> there is interest.
> >>
> >> John
> >>
> >
> >
> >
> >
> >
> >
>
>
>
>
>
Re: Common operational misconceptions [ In reply to ]
On Feb 15, 2012, at 12:47 PM, John Kristoff wrote:

> Hi friends,
>
> As some of you may know, I occasionally teach networking to college
> students and I frequently encounter misconceptions about some aspect
> of networking that can take a fair amount of effort to correct.
>
> For instance, a topic that has come up on this list before is how the
> inappropriate use of classful terminology is rampant among students,
> books and often other teachers. Furthermore, the terminology isn't even
> always used correctly in the original context of classful addressing.
>
> I have a handful of common misconceptions that I'd put on a top 10 list,
> but I'd like to solicit from this community what it considers to be the
> most annoying and common operational misconceptions future operators
> often come at you with.
>
> I'd prefer replies off-list and can summarize back to the list if
> there is interest.
>
> John

I think one of the most damaging fundamental misconceptions which is
not only rampant among students, but, also enterprise IT professionals
is the idea that NAT is a security tool and the inability to conceive of the
separation between NAT (header mutilation) and Stateful Inspection
(policy enforcement).

Owen
Re: Common operational misconceptions [ In reply to ]
On Feb 15, 2012, at 6:16 PM, Steve Bertrand wrote:

> On 2012.02.15 19:55, Nathan Eisenberg wrote:
>>> IPv6 is operational.
>>
>> How is this a misconception? It works fine for me...
>
> Imagine an operator who is v6 ignorant, with a home provider who implements v6 half-assed, and tries to access a v6 site that has perhaps v6-only accessible nameservers, when their provider who 'offers' v6 has resolvers that operate only over v4.
>
> *huge* misconception about the operational status of IPv6 (imho).
>
> Steve

By that definition, IPv4 is non-operational.

You can break anything if you try hard enough.

Owen
Re: Common operational misconceptions [ In reply to ]
On 16/02/2012 07:45, Owen DeLong wrote:
>
> On Feb 15, 2012, at 6:16 PM, Steve Bertrand wrote:
>
>> On 2012.02.15 19:55, Nathan Eisenberg wrote:
>>>> IPv6 is operational.
>>>
>>> How is this a misconception? It works fine for me...
>>
>> Imagine an operator who is v6 ignorant, with a home provider who implements v6 half-assed, and tries to access a v6 site that has perhaps v6-only accessible nameservers, when their provider who 'offers' v6 has resolvers that operate only over v4.
>>
>> *huge* misconception about the operational status of IPv6 (imho).
>>
>> Steve
>
> By that definition, IPv4 is non-operational.
>
> You can break anything if you try hard enough.

This being well demonstrated by most of the "Internet" access provided
by hotels, for example.

--
Paul
Re: Common operational misconceptions [ In reply to ]
On 15 Feb 2012, at 20:50, "John Kristoff" <jtk@cymru.com> wrote:

> Hi friends,
>
> As some of you may know, I occasionally teach networking to college
> students and I frequently encounter misconceptions about some aspect
> of networking that can take a fair amount of effort to correct.
>
> For instance, a topic that has come up on this list before is how the
> inappropriate use of classful terminology is rampant among students,
> books and often other teachers. Furthermore, the terminology isn't even
> always used correctly in the original context of classful addressing.

When I took an A level computing course in the 90s the course material still talked about primary stor and backing stor, batch jobs and the like...

Needless to say I quit in disgust but the point is that the people who write these courses are often woefully out of touch.

--
Leigh


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
Re: Common operational misconceptions [ In reply to ]
> When I took an A level computing course in the 90s the course material
> still talked about primary stor and backing stor, batch jobs and the
> like...

I was working with a lot of batch jobs in my first development role in 1993, and still supporting overnight scheduling to make best use of the Cray by 1999. I still leave the occasional big data set crunching overnight now. I'll grant you it's not exactly mainstream computing, but it's not exactly up there with drum memory either...

The concept that a computer can do things when a person isn't there, or without the need for clicking things, is probably not a bad one to impart.

Regards,
Tim.
Re: Common operational misconceptions [ In reply to ]
This isn't so much a list of misconceptions that recent students have as a list of misconceptions that security management have…

On 15 Feb 2012, at 22:52, Rich Kulawiec wrote:

> ICMP is evil.
> Firewalls can be configured default-permit.
> Firewalls can be configured unidirectionally.
> Firewalls will solve our security issues.
> Antivirus will solve our security issues.
> IDS/IPS will solve our security issues.
> Audits and checklists will solve our security issues.
> Our network will never emit abuse or attacks.
> Our users can be trained.
> We must do something; this is something; let's do this.
> We can add security later.
> We're not a target.
> We don't need to read our logs.
> What logs?
>
> (with apologies to Marcus Ranum, from whom I've shamelessly
> cribbed several of these)
>
> ---rsk
>
Re: Common operational misconceptions [ In reply to ]
> If you want to know if your resolver talks IPv6 to the world and
> supports 4096 EDNS UDP messages the following query will tell you.
>
> dig edns-v6-ok.isc.org txt
>
> Similarly for IPv4.
>
> dig edns-v4-ok.isc.org txt

Both PowerDNS recursor 3.3 and Nominum CNS 3.0.5 have problems
with these queries. They both get the TC answer from 149.20.64.58 /
2001:4f8:0:2::8. Then:

- CNS tries with 4000 EDNS UDP size (4000 is the CNS documented max
UDP size), gets another TC.

- PowerDNS doesn't try to used EDNS at all.

Then they both try TCP and get a RST. And then they return SERVFAIL.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

1 2 3 4 5 6 7 8 9  View All