Check UDP packet size #48
Comments
Currently I don't know how I would go about calculating this, especially when DNSSEC is used. So for now this isn't on my to do list, but I'll leave this issue open for tracking in case someone has ideas.
Could you use this method on the response object from a query and set the max_size variable to see if it throws the "TooBig" exception? https://github.com/rthalley/dnspython/blob/5567d9dd529f2d9e0f63b461517ab68882c09597/dns/message.py#L394 i.e.:
Hi, I love this tool! It has saved me a bunch of headaches already, so thanks for sharing!
I believe checkdmarc doesn't actively check the DNS answer packet size? According to the RFC for SPF, it is recommended to keep the size of the UDP packet below 512 bytes (see https://tools.ietf.org/html/rfc7208 - paragraph 3.4 Record Size).
I know this is hard to calculate beforehand (taking into account all variables, including other TXT records), but when checkdmarc queries the DNS, wouldn't it be able to show a warning if the answer is "too" large? "too" is quoted because this depends on whether or not the DNS implementation supports EDNS0 and/or DNS over TCP.
It would be a very nice addition to the tool and help people find issues with their SPF implementation!
Keep up the good work!
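As an added illustration of the size check this issue asks for (not checkdmarc's code and not from any participant in the thread): a standard-library estimate of how many octets a TXT response occupies on the wire, compared with the 512-octet limit. It assumes one question, answer records only, owner names compressed to a 2-byte pointer, and no DNSSEC records; the function names and sample records are constructed for the example.

```python
# Added example: estimate the wire size of a DNS response carrying a name's
# TXT RRset. Assumptions: one question, answers only, compressed owner names,
# no DNSSEC (RRSIG) records. All names and sample data are constructed.

UDP_LIMIT = 512    # DNS-over-UDP payload limit without EDNS0
HEADER_LEN = 12    # fixed DNS header
OPT_RR_LEN = 11    # empty EDNS0 OPT record: root(1)+TYPE(2)+CLASS(2)+TTL(4)+RDLEN(2)


def qname_len(name: str) -> int:
    """Wire length of an uncompressed domain name (length octets + root label)."""
    labels = [part for part in name.rstrip(".").split(".") if part]
    if any(len(part.encode("ascii")) > 63 for part in labels):
        raise ValueError("DNS label longer than 63 octets")
    return sum(1 + len(part) for part in labels) + 1


def txt_rdata_len(text: bytes) -> int:
    """TXT RDATA is split into strings of <= 255 octets, each with a length octet."""
    chunks = max(1, (len(text) + 254) // 255)
    return len(text) + chunks


def txt_response_size(name: str, txt_records: list, edns: bool = False) -> int:
    """Estimated size in octets of the response to a TXT query for `name`."""
    size = HEADER_LEN + qname_len(name) + 4  # QNAME + QTYPE(2) + QCLASS(2)
    for text in txt_records:
        # pointer(2) + TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2) + RDATA
        size += 12 + txt_rdata_len(text.encode("ascii"))
    return size + (OPT_RR_LEN if edns else 0)


def check_txt_size(name: str, txt_records: list, limit: int = UDP_LIMIT):
    """Return (estimated_size, exceeds_limit) for the whole TXT RRset."""
    size = txt_response_size(name, txt_records)
    return size, size > limit


# Constructed sample data: a long SPF record and an unrelated TXT record.
SAMPLE_SPF = "v=spf1 " + " ".join(f"ip4:192.0.2.{i}" for i in range(30)) + " -all"
SAMPLE_OTHER = "site-verification=" + "x" * 40

if __name__ == "__main__":
    for rrset in ([SAMPLE_SPF], [SAMPLE_SPF, SAMPLE_OTHER]):
        size, too_big = check_txt_size("example.com", rrset)
        print(f"{len(rrset)} TXT record(s): {size} octets, over limit: {too_big}")
```

The second sample shows the point made in the issue: the SPF record fits on its own, but the response crosses 512 octets once another TXT record at the same name is included.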