RRSet size limitation lower than predicted by RDLENGTH field size

Tom Byrnes tomb at threatstop.com
Sun Apr 20 00:40:15 UTC 2008


I've done some more digging and I have figured at least one reason why the responses would be in the 4K range: the TCP message length part before the DNS message header.

That specifies the length of the TCP message excluding its 2 bytes, which limits the entire message to 65535 bytes.

With a message header of 12 bytes, and 14 bytes for each RR, the total number of A records that can be returned in 65535 bytes is around 4600.

Are there any other BIND-specific or general limitations I'm missing?

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Tom Byrnes
Sent: Saturday, April 19, 2008 2:31 PM
To: bind-users at isc.org
Subject: RRSet size limitation lower than predicted by RDLENGTH field size

We're pushing the limits of RRSet sizes for A records in the responses to
queries for our lists, but we're finding that the practical limit is much
lower than that predicted in the binary message format specs.
 
The octets in the RDLENGTH param (16 bit unsigned = 65535) should allow
16384 A records in a single RRSET using TCP, but the behavior we are
observing in BIND is a limitation of 4096 A records.
 
We're using BIND 9.4.1-P1 on Gentoo.
 
Any ideas what's causing this, or how to fix it?
 
Thanks in advance.
 
Tom Byrnes
CTO
ThreatSTOP
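
An added example, not part of the original message or of BIND: it builds the wire format of a response carrying one A RRset and computes how many records fit under the 16-bit TCP length prefix discussed above. Assumptions: the query name `list.example.com`, a TTL of 300, constructed 10.0.0.0/8 addresses, every owner name compressed to a 2-byte pointer at the question name, and no EDNS OPT record or other sections.

```python
import struct

MAX_TCP_DNS_MSG = 0xFFFF  # largest value of the 2-byte TCP length prefix (RFC 1035, 4.2.2)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(qname, addrs):
    """Build a response: 12-byte header, one question, one A RRset."""
    # ID (constructed), flags QR+AA, QDCOUNT=1, ANCOUNT, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Owner name = compression pointer to offset 12, then TYPE, CLASS, TTL, RDLENGTH=4
    rr_fixed = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
    return header + question + b"".join(rr_fixed + a for a in addrs)

def sample_addrs(n):
    """Constructed sample data: n packed IPv4 addresses starting at 10.0.0.0."""
    return [struct.pack("!I", 0x0A000000 + i) for i in range(n)]

def max_a_records(qname):
    """Return (max records, bytes per record, fixed overhead) for one TCP message."""
    overhead = len(build_response(qname, []))
    per_rr = len(build_response(qname, sample_addrs(1))) - overhead
    return (MAX_TCP_DNS_MSG - overhead) // per_rr, per_rr, overhead

def tcp_frame(msg):
    """Prepend the 2-byte length used for DNS over TCP; reject oversized messages."""
    if len(msg) > MAX_TCP_DNS_MSG:
        raise ValueError("DNS message does not fit the 16-bit TCP length prefix")
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    limit, per_rr, overhead = max_a_records("list.example.com")
    print(f"overhead={overhead} bytes, per A record={per_rr} bytes, max records={limit}")
```

Under these assumptions the limit depends only slightly on the length of the query name, since the name appears once in the question and every answer record points back to it.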


