Timeouts

Andrew Stefanick andrew at comneti.com
Thu Jul 26 22:24:53 UTC 2007


I read an earlier post regarding 512 bytes and timeouts:

> > Ok, so I have a few DNS servers behind some PIX firewalls.  The PIX IOS
> > does not support the "fixup protocol dns" command, and we are getting a
> > response from a DNS server which is 554 bytes.
> >
> > I understand the obvious fix for this problem... upgrade the PIX.
> >
> > But as a temp fix, is it possible to have BIND send out a TCP query only
> > for this one zone we are having the issue with?


> Hm I would try the option setting
>     edns-udp-size 512;
> to limit the size of udp packets that bind can send out.



    max-udp-size controls what the server will send.
    edns-udp-size controls what the server advertises it can accept.

       edns-udp-size <integer>;
       max-udp-size <integer>;



I am using BIND 9.3.1

I try to use the option, but it complains:

Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.error] /opt/mps/data/dnspic/named.conf:5: unknown option 'max-udp-size'
Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.crit] loading configuration: failure
Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.crit] exiting (due to fatal error)

Is this incorrect syntax?

bash-2.05# pg named.conf
options {
   directory "/opt/mps/data/dnspic";
   pid-file "/opt/mps/data/dnspic/named.pid";
   port 53;
   max-udp-size 512;
};


The issue I am facing is that we have one DNS running BIND 8 and it has 
no problems.

This DNS I upgraded to BIND 9.3.1 and it works fine, except that I get 
timeouts when I try to resolve a query to a single forwarder.  All other 
queries work fine.  I am sure there is something at the far end, most 
likely due to the fact that packets in BIND 9 are slightly larger than 
BIND 8, correct????   The far side has been uncooperative in my attempts 
to fix this, so I am trying anything.

Here is a query done on the old BIND 8 server:

 > plmndns01.mnc380.mcc310.gprs
Server:  ptclvsdns1.nmplateaugsm.com
Address:  172.23.192.75

;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs, IN, A)
------------
SendRequest(), len 46
   HEADER:
       opcode = QUERY, id = 58563, rcode = NOERROR
       header flags:  query, want recursion
       questions = 1,  answers = 0,  authority records = 0,  additional = 0

   QUESTIONS:
       plmndns01.mnc380.mcc310.gprs, type = A, class = IN

------------
------------
Got answer (170 bytes):
   HEADER:
       opcode = QUERY, id = 58563, rcode = NOERROR
       header flags:  response, want recursion, recursion avail.
       questions = 1,  answers = 1,  authority records = 6,  additional = 0

   QUESTIONS:
       plmndns01.mnc380.mcc310.gprs, type = A, class = IN
   ANSWERS:
   ->  plmndns01.mnc380.mcc310.gprs
       type = A, class = IN, dlen = 4
       internet address = 209.183.42.245
       ttl = 102 (102)
   AUTHORITY RECORDS:
   ->  (root)
       type = NS, class = IN, dlen = 7
       nameserver = dnsc.gprs
       ttl = 229087 (229087)
   ->  (root)
       type = NS, class = IN, dlen = 7
       nameserver = dnsd.gprs
       ttl = 229087 (229087)
   ->  (root)
       type = NS, class = IN, dlen = 7
       nameserver = dnse.gprs
       ttl = 229087 (229087)
   ->  (root)
       type = NS, class = IN, dlen = 7
       nameserver = dnsf.gprs
       ttl = 229087 (229087)
   ->  (root)
       type = NS, class = IN, dlen = 7
       nameserver = dnsa.gprs
       ttl = 229087 (229087)
   ->  (root)
       type = NS, class = IN, dlen = 7
       nameserver = dnsb.gprs
       ttl = 229087 (229087)

------------
Non-authoritative answer:
Name:    plmndns01.mnc380.mcc310.gprs
Address:  209.183.42.245

 >

And the same query done from the BIND 9 server:

 > plmndns01.mnc380.mcc310.gprs
Server:  ptclvsdns2.nmplateaugsm.com
Address:  172.23.192.74

;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs, IN, A)
------------
SendRequest(), len 46
   HEADER:
       opcode = QUERY, id = 521, rcode = NOERROR
       header flags:  query, want recursion
       questions = 1,  answers = 0,  authority records = 0,  additional = 0

   QUESTIONS:
       plmndns01.mnc380.mcc310.gprs, type = A, class = IN

------------
timeout
timeout
SendRequest failed
;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs., IN, A)
------------
SendRequest(), len 46
   HEADER:
       opcode = QUERY, id = 522, rcode = NOERROR
       header flags:  query, want recursion
       questions = 1,  answers = 0,  authority records = 0,  additional = 0

   QUESTIONS:
       plmndns01.mnc380.mcc310.gprs, type = A, class = IN

------------
timeout
------------
Got answer (46 bytes):
   HEADER:
       opcode = QUERY, id = 522, rcode = SERVFAIL
       header flags:  response, want recursion, recursion avail.
       questions = 1,  answers = 0,  authority records = 0,  additional = 0

   QUESTIONS:
       plmndns01.mnc380.mcc310.gprs, type = A, class = IN

------------
*** ptclvsdns2.nmplateaugsm.com can't find plmndns01.mnc380.mcc310.gprs: Server failed
 >

Any suggestions??





