Timeouts
Andrew Stefanick
andrew at comneti.com
Thu Jul 26 22:24:53 UTC 2007
I read an earlier post regarding 512 bytes and timeouts:
> > Ok, so I have a few DNS servers behind some PIX firewalls. The PIX IOS
> > does not support the "fixup protocol dns" command, and we are getting a
> > response from a DNS server which is 554 bytes.
> >
> > I understand the obvious fix for this problem... upgrade the PIX.
> >
> > But as a temp fix, is it possible to have BIND send out a TCP query only
> > for this one zone we are having the issue with?
> Hm I would try the option setting
> edns-udp-size 512;
> to limit the size of udp packets that bind can send out.
max-udp-size controls what the server will send.
edns-udp-size controls what the server advertises it can accept.
edns-udp-size <integer>;
max-udp-size <integer>;
I am using BIND 9.3.1
I try to use the option, but it complains:
Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.error] /opt/mps/data/dnspic/named.conf:5: unknown option 'max-udp-size'
Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.crit] loading configuration: failure
Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.crit] exiting (due to fatal error)
Is this incorrect syntax?
bash-2.05# pg named.conf
options {
        directory "/opt/mps/data/dnspic";
        pid-file "/opt/mps/data/dnspic/named.pid";
        port 53;
        max-udp-size 512;
};
The issue I am facing is that we have one DNS running BIND 8 and it has
no problems.
This DNS I upgraded to BIND 9.3.1 and it works fine, except that I get
timeouts when I try to resolve a query to a single forwarder. All other
queries work fine. I am sure there is something at the far end, most
likely due to the fact that packets in BIND 9 are slightly larger than
BIND 8, correct???? The far side has been uncooperative in my attempts
to fix this, so I am trying anything.
Here is a query done on the old BIND 8 server:
> plmndns01.mnc380.mcc310.gprs
Server: ptclvsdns1.nmplateaugsm.com
Address: 172.23.192.75
;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs, IN, A)
------------
SendRequest(), len 46
HEADER:
opcode = QUERY, id = 58563, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
plmndns01.mnc380.mcc310.gprs, type = A, class = IN
------------
------------
Got answer (170 bytes):
HEADER:
opcode = QUERY, id = 58563, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 6, additional = 0
QUESTIONS:
plmndns01.mnc380.mcc310.gprs, type = A, class = IN
ANSWERS:
-> plmndns01.mnc380.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 209.183.42.245
ttl = 102 (102)
AUTHORITY RECORDS:
-> (root)
type = NS, class = IN, dlen = 7
nameserver = dnsc.gprs
ttl = 229087 (229087)
-> (root)
type = NS, class = IN, dlen = 7
nameserver = dnsd.gprs
ttl = 229087 (229087)
-> (root)
type = NS, class = IN, dlen = 7
nameserver = dnse.gprs
ttl = 229087 (229087)
-> (root)
type = NS, class = IN, dlen = 7
nameserver = dnsf.gprs
ttl = 229087 (229087)
-> (root)
type = NS, class = IN, dlen = 7
nameserver = dnsa.gprs
ttl = 229087 (229087)
-> (root)
type = NS, class = IN, dlen = 7
nameserver = dnsb.gprs
ttl = 229087 (229087)
------------
Non-authoritative answer:
Name: plmndns01.mnc380.mcc310.gprs
Address: 209.183.42.245
>
And the same query done from the BIND 9 server:
> plmndns01.mnc380.mcc310.gprs
Server: ptclvsdns2.nmplateaugsm.com
Address: 172.23.192.74
;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs, IN, A)
------------
SendRequest(), len 46
HEADER:
opcode = QUERY, id = 521, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
plmndns01.mnc380.mcc310.gprs, type = A, class = IN
------------
timeout
timeout
SendRequest failed
;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs., IN, A)
------------
SendRequest(), len 46
HEADER:
opcode = QUERY, id = 522, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
plmndns01.mnc380.mcc310.gprs, type = A, class = IN
------------
timeout
------------
Got answer (46 bytes):
HEADER:
opcode = QUERY, id = 522, rcode = SERVFAIL
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
plmndns01.mnc380.mcc310.gprs, type = A, class = IN
------------
*** ptclvsdns2.nmplateaugsm.com can't find plmndns01.mnc380.mcc310.gprs: Server failed
>
Any suggestions??
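
Added example, not part of the original post: the size a server advertises with edns-udp-size is carried in the CLASS field of an EDNS0 OPT record appended to the query (RFC 6891). The sketch below builds the 46-byte query shown in the traces with and without that record, and reads the advertised size back out of a message, which is what to look for in a packet capture taken next to a firewall that enforces the 512-byte limit. The function names, the constant names and the 4096 value are constructed for illustration.

```python
import struct

LEGACY_LIMIT = 512                     # classic DNS-over-UDP ceiling
NAME = "plmndns01.mnc380.mcc310.gprs"  # query name taken from the traces above

def build_query(name, qid, edns_size=None):
    """Build an A/IN query; with edns_size set, append an EDNS0 OPT record."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # flags 0x0100 = recursion desired; ARCOUNT is 1 only when OPT is present
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN
    if edns_size:
        # OPT RR: root owner name, TYPE 41, CLASS = UDP size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:                # compression pointer
            return off + 2
        off += 1 + msg[off]
    return off + 1

def advertised_udp_size(msg):
    """Return the UDP size from the OPT record, or None if there is none."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass
        off += 10 + rdlen
    return None

def describe(msg):
    """Summarise what a 512-byte-limited middlebox would care about."""
    size = advertised_udp_size(msg)
    return {"query_len": len(msg), "edns": size is not None,
            "reply_may_exceed_512": (size or 0) > LEGACY_LIMIT}

if __name__ == "__main__":
    for label, size in (("plain", None), ("edns 4096", 4096), ("edns 512", 512)):
        print(label, describe(build_query(NAME, 521, size)))
```

To check a real capture, pass the raw UDP payload of the outgoing query to `describe()` instead of the constructed messages.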