2

When I run the Network analyzer at http://netalyzr.icsi.berkeley.edu/ it reports:

The resolver at could not process the following tested types:

Medium (~1300B) TXT records
Large (~3000B) TXT records

It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports a number of additional properties. Hide them.

Version: Microsoft DNS 6.1.7601 (1DB14556)

I have tried fixing the inability to resolve Medium and Large queries by setting MaximumUdpPacketSize to 4096 and rebooting (DNS Registry Entries). Changing that setting had no affect.

How do I fix both the record size issue and ability to validate DNSSEC while keeping all standard DNS functions working?

wfaulk
  • 6,828
  • 7
  • 45
  • 75
Pete
  • 21
  • 2
  • Can you elaborate more on what you're trying to accomplish? DNS usually connects over udp for small queries and uses tcp for larger queries. – bangdang May 03 '12 at 22:44
  • @bangdang As I mentioned in my question, I would like to be able to have my server resolve large records and validate DNSSEC. –  May 04 '12 at 15:24

1 Answers1

2

Large records (and the ability to respond to them) are handled using DNSSEC, which will allow packets bigger than 4000 to go over TCP. It is NOT enabled by default in 2008R2.

Here is Microsoft's walkthrough on how to enable DNSSEC for 2008R2 and Windows 7.

JohnThePro
  • 2,595
  • 14
  • 23