Strange: Dyn authoritative DNS servers signal a max UDP response size of 1232 bytes, but serve UDP responses larger than that (which creates fragmentation, can result in security or operational issues):
$ dig -4 @ns1.p04.dynect.net. oracle.com txt +bufsize=4096
[…]
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
[…]
;; SERVER: 108.59.161.4#53(108.59.161.4)
;; WHEN: Fri Jun 02 07:20:17 UTC 2023
;; MSG SIZE rcvd: 3082
#dns #security
Carsten Strotmann /
npub14a…hvj5s
2023-06-02 07:26:12
Author Public Key
npub14a589zvw3wchjmhr9ex3m82fkd0fwcn5rnalfna9d89q7985zf8sehvj5sPublished at
2023-06-02 07:26:12Event JSON
{
"id": "1d1e7724ee60654c8d031e45b221d9ad76e0fa2498678ac780b3f0c9baa9d742",
"pubkey": "af6872898e8bb1796ee32e4d1d9d49b35e9762741cfbf4cfa569ca0f14f4124f",
"created_at": 1685690772,
"kind": 1,
"tags": [
[
"t",
"dns"
],
[
"t",
"security"
],
[
"mostr",
"https://mastodon.social/users/cstrotm/statuses/110473430460470376"
]
],
"content": "Strange: Dyn authoritative DNS servers signal a max UDP response size of 1232 bytes, but serve UDP responses larger than that (which creates fragmentation, can result in security or operational issues):\n\n$ dig -4 @ns1.p04.dynect.net. oracle.com txt +bufsize=4096\n[…]\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 1232\n[…]\n;; SERVER: 108.59.161.4#53(108.59.161.4)\n;; WHEN: Fri Jun 02 07:20:17 UTC 2023\n;; MSG SIZE rcvd: 3082\n\n#dns #security",
"sig": "4e78f96572cec4eac1533c2fc4d0fded920d3551d15fc6c806d347b08ef6dd51b98038351ea3f83c30f9e05231d81d079c5a61585b69a6f8a29427e0f72235fc"
}