On 22 Sep 2014, at 3:44, Roland Dobbins wrote:

On Sep 22, 2014, at 2:29 PM, Michael Fincham wrote:

Several others replied with information on the responses they saw from their locations, some hovering just below the 500 byte mark and some either side of 200 bytes. It seems there is some inconsistency or "load balancing" going on :)
The key is to ensure that end-customers (and network operators!) don't filter out 53/udp DNS replies larger than 512 bytes in size, and also make sure they allow 53/tcp as well, since TCP transport is a requirement for the DNS protocol and not just for zone transfers, so that they can receive EDNS0 and DNSSEC (which requires EDNS0) replies and other things that result in large responses.

Note that for 53/udp transport the 512-byte limit is for the DNS message, and hence doesn't include the UDP and IP headers.

Joe
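The sizes and transports discussed in this message, as an added Python sketch that is not from any of the posters: it builds a query with an EDNS0 OPT record, reads back the advertised UDP payload size, and reports what a packet filter would see for a reply, including the TC bit that sends the client to 53/tcp. The function names are illustrative, the sample replies are constructed (only their 12-byte headers are meaningful), and the IPv4 header is assumed to carry no options.

```python
import struct

UDP_HDR, IPV4_HDR, IPV6_HDR = 8, 20, 40  # bytes; IPv4 header without options
CLASSIC_LIMIT = 512  # applies to the DNS message only, not the headers around it

def build_query(name, qtype=1, edns_size=None, do_bit=False, txid=0x1234):
    """Build a DNS query; if edns_size is set, append an EDNS0 OPT record."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    msg = header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner, TYPE 41, CLASS = advertised UDP payload size,
        # TTL field carries the flags (DO bit = 0x8000), RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000 if do_bit else 0, 0)
    return msg

def advertised_size(query):
    """UDP payload size the sender accepts: 512 unless an OPT record says more."""
    arcount = struct.unpack("!H", query[10:12])[0]
    if not arcount:
        return CLASSIC_LIMIT
    pos = 12
    while query[pos]:                 # skip the question name labels
        pos += 1 + query[pos]
    pos += 1 + 4                      # root label, QTYPE, QCLASS
    rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
    return max(size, CLASSIC_LIMIT) if rtype == 41 else CLASSIC_LIMIT

def describe_udp_reply(reply, ipv6=False):
    """Sizes a packet filter would see, and whether the client must retry on 53/tcp."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return {
        "dns_bytes": len(reply),
        "ip_packet_bytes": len(reply) + UDP_HDR + (IPV6_HDR if ipv6 else IPV4_HDR),
        "over_512": len(reply) > CLASSIC_LIMIT,
        "retry_over_tcp": bool(flags & 0x0200),   # TC bit set by the server
    }

def tcp_frame(message):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(message)) + message

# Constructed samples: only the 12-byte header is meaningful, the rest is padding.
FULL_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1) + b"\x00" * 1188
TRUNCATED_REPLY = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0) + b"\x00" * 17
```

A filter that caps 53/udp at 512 bytes of IP packet rather than 512 bytes of DNS message already drops legitimate pre-EDNS0 replies, since a 512-byte message is a 540-byte IPv4 packet.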