test DNSSEC

Unanswered Question
Jun 14th, 2010
User Badges:

In july 2010, the servers DNS will be modify.


http://www.root-dnssec.org/


https://www.dns-oarc.net/oarc/services/replysizetest


On my LAN (PC win XP SP3 with firewall down and anti-virus down too), i tested this command:


nslookup -q=txt rs.dns-oarc.net


The answer is:


rst.x4001.rs.dns-oarc.net.
rst.x3985.x4001.rs.dns-oarc.net.
rst.x4023.x3985.x4001.rs.dns-oarc.net.
"192.168.1.1 sent EDNS buffer size 4096"
"192.168.1.1 DNS reply size limit is at least 3823 bytes"

How to know if my firewall on my cisco 851 is the cause. Normally, it must be upper to 4000 bytes and no 3823 bytes.

Yhank you for your answers.
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 06/14/2010 - 14:41
User Badges:
  • Cisco Employee,

I would check if I am inspecting dns on your 851.

I hope it helps.


PK

stephane.roque Sun, 06/20/2010 - 03:43
User Badges:

I found the answer.


My cisco is ok for the dnssec.


nslookup -q=txt rs.dns-oarc.net


The answer is:


rst.x4001.rs.dns-oarc.net.
rst.x3985.x4001.rs.dns-oarc.net.
rst.x4023.x3985.x4001.rs.dns-oarc.net.
"192.168.1.1 sent EDNS buffer size 4096"
"192.168.1.1 DNS reply size limit is at least 3823 bytes"

The DNS reply show an answer with 3823 bytes. It's the config DNS server for reply.

Actions

This Discussion