Carsten Strotmann on Nostr: Strange: Dyn authoritative DNS servers signal a max UDP response size of 1232 bytes, ...
Strange: Dyn authoritative DNS servers signal a max UDP response size of 1232 bytes, but serve UDP responses larger than that (which creates fragmentation, can result in security or operational issues):
$ dig -4 @ns1.p04.dynect.net. oracle.com txt +bufsize=4096
[…]
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
[…]
;; SERVER: 108.59.161.4#53(108.59.161.4)
;; WHEN: Fri Jun 02 07:20:17 UTC 2023
;; MSG SIZE rcvd: 3082
#dns #security
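An added example, not part of the original post: a Python check that reads saved dig output and flags the mismatch shown above, where the EDNS UDP size in the server's OPT record is smaller than the message it sent over UDP. The function name is hypothetical, the sample is constructed from the post's output, and the 1500-byte IPv4 path MTU is an assumption.

```python
import re

# Constructed sample: the dig output quoted in the post, elided parts left out.
SAMPLE = """\
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; SERVER: 108.59.161.4#53(108.59.161.4)
;; WHEN: Fri Jun 02 07:20:17 UTC 2023
;; MSG SIZE rcvd: 3082
"""

# Assumption: 1500-byte path MTU, 20-byte IPv4 header, 8-byte UDP header.
MAX_UNFRAGMENTED_PAYLOAD = 1500 - 20 - 8


def check_dig_output(text):
    """Compare the EDNS UDP size a server advertises with what it actually sent."""
    adv = re.search(r"^; EDNS:.*\budp:\s*(\d+)", text, re.M)
    size = re.search(r"^;; MSG SIZE\s+rcvd:\s*(\d+)", text, re.M)
    if not adv or not size:
        raise ValueError("no EDNS OPT record or MSG SIZE line in dig output")
    advertised, received = int(adv.group(1)), int(size.group(1))

    # dig retries over TCP after a truncated UDP answer; a size mismatch is
    # only meaningful when the final answer really arrived over UDP.
    # Newer dig versions append (UDP) or (TCP) to the SERVER line.
    suffix = re.search(r"^;; SERVER:.*\((UDP|TCP)\)[ \t]*$", text, re.M)
    if "retrying in TCP mode" in text or (suffix and suffix.group(1) == "TCP"):
        transport = "TCP"
    elif suffix:
        transport = "UDP"
    else:
        transport = "unknown (assumed UDP)"
    over_udp = transport != "TCP"

    return {
        "advertised": advertised,
        "received": received,
        "transport": transport,
        # Server sent more over UDP than it says it is willing to handle.
        "exceeds_advertised": over_udp and received > advertised,
        # Response cannot fit in one IPv4 packet on the assumed MTU.
        "needs_fragmentation": over_udp and received > MAX_UNFRAGMENTED_PAYLOAD,
    }


if __name__ == "__main__":
    for key, value in check_dig_output(SAMPLE).items():
        print(f"{key}: {value}")
```
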