FW: BIND limits and performance questions

Brad Knowles brad.knowles at skynet.be
Fri Mar 23 18:18:46 UTC 2001 

At 9:37 AM -0800 3/23/01, Morris Balamut wrote:

>>>  	Once you break that 512-byte limit for something as fundamental
>>>  as the RRset for the NS records, all holy hell will break loose
>>>  (which is why there aren't any more than thirteen root nameservers).
>
>  Could you kindly explain what "all holy hell will break loose" means.
>  What actually happens and why is that bad?

	It's called "truncation".  Damn few applications I know of 
actually handle truncation correctly, and in the case of something 
like Internet e-mail may simply refuse to send mail to the domain, 
etc....


	In theory, what happens is the resolver library in question is 
supposed to look at where the truncation occurs, and if it's in the 
"AUTHORITY" section, it throws away the entire set of results and 
re-tries the query using TCP (this is why blocking TCP port 53 is a 
really, really bad idea).  Once the query is retried with TCP, it 
takes the expanded data and feeds that back to the application, but 
many applications don't reserve enough space in their data structures 
to hold that much, and a lot of the information is lost anyway.

	If the truncation occurs in the "ADDITIONAL" section, then it 
passes the information up to the application, and the application may 
choose to re-try the query using a "virtual circuit" (i.e., with TCP).


	In any event, suffice it to say that many programs simply flake 
out in the face of truncation, and you really need to make certain 
you do everything you possibly can to ensure that you never cause 
truncation in any form.

--
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne's/\.//;print pack("H124",$1)if(/^x([^\.]*)/)'

More information about the bind-users mailing list