What is the name of the domain?
frissly.hu
What is the error number?
read below
What is the error message?
When testing DNSSEC with tools like DNSViz, I receive the following errors and warnings related to UDP payload size and PMTU:
UDP Packet Size Exceeded:
The test results indicate that the DNSKEY response is too large for the UDP packet, resulting in truncation. The specific error message says: “No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size.”
DNSSEC Packet Size Issues:
The DNSKEY record generated by Cloudflare (Algorithm 8, RSA/SHA-256, Key Tag 46162, Digest Type SHA-256) may be contributing to the issue because of its large response size, which seems to be too big for a UDP packet without truncation.
What is the issue you’re encountering?
The DNSKEY record generated by Cloudflare (Algorithm 8, RSA/SHA-256, Key Tag 46162, Digest Type SHA-256) may be contributing to the issue because of its large response size, which seems to be too big for a UDP packet without truncation.
What steps have you taken to resolve the issue?
Verified DS Record Accuracy:
I have double-checked that the DS record in Forpsi matches exactly with what Cloudflare provided, including the Key Tag, Algorithm, Digest Type, and Digest.
Temporarily Disabled DNSSEC for Testing:
I tried disabling DNSSEC temporarily in Cloudflare to see if the issues would resolve, and my site became accessible without DNSSEC enabled. However, I would prefer to have DNSSEC enabled for security purposes.
Checked for TCP Fallback:
I understand that some DNS resolvers can retry with TCP if UDP truncates the response, but I’m unsure if this applies here or if I can configure this on my end.
What feature, service or problem is this related to?
DNSSEC
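Added example, not part of the original post: a Python model of the behaviour the quoted DNSViz warning describes, where a DNSKEY query sent with a large EDNS0 UDP payload size gets no reply and a smaller size gets a truncated one. The `simulated_path` transport, the 1700-byte answer and the 1400-byte path limit are constructed assumptions so the code runs without network access; `probe` accepts any `send` callable.

```python
import struct

DNSKEY, OPT = 48, 41  # RR type codes

def build_query(name, bufsize, qid=0x1234):
    """DNSKEY query carrying an EDNS0 OPT record: advertised UDP size, DO=1."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\x00"
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=flags (DO=0x8000), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0x00008000, 0)
    return header + qname + struct.pack("!HH", DNSKEY, 1) + opt

def advertised_size(query):
    """Read the EDNS UDP payload size back out of a query built above."""
    return struct.unpack("!H", query[-8:-6])[0]

def classify(response):
    """Outcome of one UDP attempt: no reply, TC bit set, or full answer."""
    if response is None:
        return "dropped"
    flags = struct.unpack("!H", response[2:4])[0]
    return "truncated" if flags & 0x0200 else "complete"

def probe(send, name, sizes=(4096, 1232, 512)):
    """Try descending EDNS sizes; stop at the first size that gets any reply."""
    results = []
    for size in sizes:
        outcome = classify(send(build_query(name, size)))
        results.append((size, outcome))
        if outcome != "dropped":
            break
    return results

def simulated_path(answer_len, path_limit):
    """Constructed stand-in for server plus network (no sockets involved)."""
    def send(query):
        qid = query[:2]
        if answer_len > advertised_size(query):
            # Server honours the advertised size and sets TC=1 (QR|TC|RD)
            return qid + struct.pack("!5H", 0x8300, 1, 0, 0, 1)
        if answer_len > path_limit:
            return None  # oversized datagram lost in transit
        return qid + struct.pack("!5H", 0x8100, 1, 2, 0, 1) + b"\x00" * (answer_len - 12)
    return send

if __name__ == "__main__":
    print(probe(simulated_path(1700, 1400), "frissly.hu"))
```

A resolver that receives the truncated reply retries the same query over TCP, so the "dropped" then "truncated" sequence only becomes a resolution failure when TCP port 53 to the authoritative servers is also blocked.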