RRSet size limitation lower than predicted by RDLENGTH field size
Tom Byrnes
tomb at threatstop.com
Mon Apr 21 01:49:59 UTC 2008
See below
-----Original Message-----
From: Danny Mayer [mailto:mayer at gis.net]
Sent: Sunday, April 20, 2008 6:05 PM
To: Tom Byrnes
Cc: bind-users at isc.org
Subject: Re: RRSet size limitation lower than predicted by RDLENGTH field size
Tom Byrnes wrote:
> We're pushing the limits of RRSet sizes for A records in the responses to
> queries for our lists, but we're finding that the practical limit is much
> lower than that predicted in the binary message format specs.
>
What limits do you think you are pushing?
[Tom Byrnes] Maximum returned RRs in a single RRSet
> The octets in the RDLENGTH param (16 bit unsigned = 65535) should allow
> 16384 A records in a single RRSET using TCP, but the behavior we are
> observing in BIND is a limitation of 4096 A records.
>
Your calculations are wrong since there's additional information sent in
a DNS packet.
[Tom Byrnes] Actually, my calculations were wrong because I ascribed all the
returns for a single RRSet as being in one RDATA field in a single RR. When
I did it the RIGHT way, with each RR having its own full RR header, taking
into account the TCP message length field, I found exactly why I was running
into the limit.
In any case DNS usually uses UDP and not TCP.
[Tom Byrnes] That depends entirely on the size of the RRSet. TCP DNS has
been specified since RFC1035.
If the query client supports it, it will use EDNS0 to send the responses.
[Tom Byrnes] Much more recent, and not remotely large enough for our needs,
nor widely enough supported in our target platforms: firewalls.
In addition, since you apparently have too many addresses to fit in a UDP
packet, you are exceeding the ability of the DNS to send it via UDP, so it sends
a truncated flag to indicate to the client that it needs to retry with TCP.
[Tom Byrnes] That's handled natively in bind, first return in a UDP packet
with TC set, the client then retries with TCP.
> We're using Bind 9.4.1-P1 on Gentoo.
>
> Any ideas what's causing this, or how to fix it?
>
Why do you have so many address records for a single name?
[Tom Byrnes] Because there are, at any given moment, that many, or more,
active bots on the Internet.
Danny
[Tom Byrnes] Thanks for your response, and sorry for wasting the list's
time. I guess that, at least, next time someone googles BIND DNS TCP RRSET
record limitation, they will, unlike me, find an answer ;-)
> Thanks in advance.
>
> Tom Byrnes
> CTO
> ThreatSTOP
>
>
>
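The arithmetic Tom describes (each A record carrying its own full RR header inside a message bounded by the 16-bit TCP length field) can be checked by building the wire format directly. The Python below is an added example, not code from this thread or from BIND; the query name, the 300-second TTL and the 10.x.x.1 addresses are constructed for illustration, and the use of a 2-byte compression pointer for each answer's owner name is an assumption about how the server writes the response. It contrasts the RDLENGTH-only estimate with the count that actually fits once per-RR overhead is included.

```python
import struct

MAX_TCP_MESSAGE = 65535   # 16-bit length prefix on DNS over TCP (RFC 1035 section 4.2.2)
MAX_RDLENGTH = 65535      # 16-bit RDLENGTH field of a single RR
A_RDATA_LEN = 4           # RDATA of one A record: an IPv4 address
HEADER_LEN = 12           # fixed DNS header
TTL = 300                 # assumed TTL for the constructed records


def encode_name(name):
    """Encode a domain name as RFC 1035 labels (uncompressed)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def a_rr(addr):
    """One A RR in wire format. The owner name is a 2-byte compression
    pointer (0xC00C) back to the question name at offset 12 (assumed
    layout; it is the common way answers for the queried name are written)."""
    rdata = bytes(int(octet) for octet in addr.split("."))
    return b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, TTL, len(rdata)) + rdata


def build_response(qname, addrs):
    """Header + question + one A RR per address; returns the message bytes
    without the 2-byte TCP length prefix."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    return header + question + b"".join(a_rr(a) for a in addrs)


def naive_limit():
    """Estimate that treats the whole RRSet as one RDATA field."""
    return MAX_RDLENGTH // A_RDATA_LEN


def per_rr_len():
    """Bytes consumed by each A RR once it carries its own RR header."""
    return len(a_rr("0.0.0.0"))


def real_limit(qname):
    """Largest number of A RRs that fit in one TCP DNS message for qname."""
    fixed = HEADER_LEN + len(encode_name(qname)) + 4
    return (MAX_TCP_MESSAGE - fixed) // per_rr_len()


def constructed_addrs(n):
    """n distinct, obviously synthetic IPv4 addresses (constructed sample data)."""
    return [f"10.{(i >> 8) & 0xFF}.{i & 0xFF}.1" for i in range(n)]


if __name__ == "__main__":
    qname = "list.example.com"   # constructed query name
    n = real_limit(qname)
    print("RDLENGTH-only estimate:", naive_limit())
    print("bytes per A RR with its own header:", per_rr_len())
    print("A RRs that fit in a 65535-byte TCP message for", qname + ":", n)
    print("message size at that count:", len(build_response(qname, constructed_addrs(n))))
    print("one more record would need:", len(build_response(qname, constructed_addrs(n + 1))))
```

Each A RR costs 16 bytes on the wire (2-byte pointer, TYPE, CLASS, TTL, RDLENGTH, 4-byte RDATA), so the ceiling is roughly 65535 divided by 16 rather than by 4, which is the order of magnitude the thread reports; a longer query name lowers the count slightly, and the ANCOUNT field is not the binding constraint.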