queries with no RD bit set are truncating
Kevin Darcy
kcd at chrysler.com
Mon Jun 15 23:29:03 UTC 2009
Well, the biggest mystery here, in my mind, is why are you getting an
actual *answer* (specifically, 5 records in the Answer Section, with
another 3 records associated with those answers in the Additional
Section) when you query recursively, but no answer when you query
non-recursively (?) Since the server is non-recursive, it's presumably
answering only from its own authoritative data, thus the response should
be the same, regardless of the setting of RD in the query.
The only solution to that mystery that comes to mind, offhand, is if you
have a "match-recursive-only" view defined in your config (do you?).
This would allow recursive and non-recursive queries to be answered from
totally different and unrelated datasets.
If that's true, and also, if your records/record-sets are large, then
everything else is explainable:
-- in the recursive-query case, the NS RRset that one would normally
expect to find in the Authority Section is missing, because it's too big
to fit. TC isn't set in this case, because that NS RRset is not
*required* for the response
-- in the non-recursive-query case, the SOA RR or NS RRset that is
*required* in the Authority Section, for a referral, or a "NODATA"
response, respectively (see RFC 2308), is missing because it's too big
to fit within the 512-byte limit. Since one or the other of these is a
*required* element of the response, TC is set to signal its absence.
Am I completely off-base? Anyone else who has a better theory, please
speak up.
If the mystery still remains unsolved, one thing to try is to perform
both the recursive and non-recursive queries, using TCP or with an
appropriately-sized EDNS0 buffer, and compare/contrast the responses
under those conditions.
Also, since this is a truncation issue, tracing with a tool that, at a
minimum, shows the packet sizes, would help to confirm or deny any
theories attempting to explain the behavior you're seeing.
- Kevin
Peter Andreev wrote:
> Because there is nothing in server's logs.
> While client sees following:
>
> (query with no RD bit)
> - Flags: Query, Opcode - QUERY (Standard query), Rcode - Success
> QR: (0...............) Query
> Opcode: (.0000...........) QUERY (Standard query) 0
> AA: (.....0..........) Not authoritative
> TC: (......0.........) Not truncated
> RD: (.......0........) Recursion not desired <-
> no recursion!
> RA: (........0.......) Recursive query support not
> available
> Zero: (.........0......) 0
> AuthenticatedData: (..........0.....) Not AuthenticatedData
> CheckingDisabled: (...........0....) Not CheckingDisabled
> Rcode: (............0000) Success 0
> QuestionCount: 1 (0x1)
> AnswerCount: 0 (0x0)
> NameServerCount: 0 (0x0)
> AdditionalCount: 0 (0x0)
>
> (answer)
> - Flags: Response, Opcode - QUERY (Standard query), AA, TC, Rcode -
> Success
> QR: (1...............) Response
> Opcode: (.0000...........) QUERY (Standard query) 0
> AA: (.....1..........) Is authoritative
> TC: (......1.........) Message truncated <-
> message is truncated!
> RD: (.......0........) Recursion not desired
> RA: (........0.......) Recursive query support not
> available
> Zero: (.........0......) 0
> AuthenticatedData: (..........0.....) Not AuthenticatedData
> CheckingDisabled: (...........0....) Not CheckingDisabled
> Rcode: (............0000) Success 0
> QuestionCount: 1 (0x1)
> AnswerCount: 0 (0x0)
> NameServerCount: 0 (0x0)
> AdditionalCount: 0 (0x0)
>
> (query with RD bit)
> - Flags: Query, Opcode - QUERY (Standard query), RD, Rcode - Success
> QR: (0...............) Query
> Opcode: (.0000...........) QUERY (Standard query) 0
> AA: (.....0..........) Not authoritative
> TC: (......0.........) Not truncated
> RD: (.......1........) Recursion desired <-
> RD-flag set!
> RA: (........0.......) Recursive query support not
> available
> Zero: (.........0......) 0
> AuthenticatedData: (..........0.....) Not AuthenticatedData
> CheckingDisabled: (...........0....) Not CheckingDisabled
> Rcode: (............0000) Success 0
> QuestionCount: 1 (0x1)
> AnswerCount: 0 (0x0)
> NameServerCount: 0 (0x0)
> AdditionalCount: 0 (0x0)
>
> (answer)
> - Flags: Response, Opcode - QUERY (Standard query), AA, RD, Rcode -
> Success
> QR: (1...............) Response
> Opcode: (.0000...........) QUERY (Standard query) 0
> AA: (.....1..........) Is authoritative
> TC: (......0.........) Not truncated <- TC-flag
> not set
> RD: (.......1........) Recursion desired
> RA: (........0.......) Recursive query support not
> available
> Zero: (.........0......) 0
> AuthenticatedData: (..........0.....) Not AuthenticatedData
> CheckingDisabled: (...........0....) Not CheckingDisabled
> Rcode: (............0000) Success 0
> QuestionCount: 1 (0x1)
> AnswerCount: 5 (0x5)
> NameServerCount: 0 (0x0)
> AdditionalCount: 3 (0x3)
>
> I do not understand why so occurs.
>
>
> Peter, why don't you post what you are seeing?
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> <mailto:marka at isc.org>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list