EDNS and DNSSEC impossible to use in Satellite links
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Aug 27 15:34:02 UTC 2008
On 27.08.08 10:49, Aliet Santiesteban Sifontes wrote:
> I have been many days working around this, searching and posting in
> the list, and after all the tests I'm concluding that edns and dnssec
> can not be used in satellite links, at least with bind 9.5.0P2 on rhel
> 5.2, why I say this:
> A round trip time for a package in a satellite link is ~500 ms, now
> depending on traffic, weather and many other factors, this times can
> be in the real life ~600 ms ~700 ms, analyzing a capture on our
> gateway we can find that timeouts are happening for a query for
> responses times of ~601 ms, when the responses arrives the udp socket
> in the server it has been closed after this time and this genereates
> icmp packages of port unreachable, there is no problem with the size
> of the udp packages, or fragments out of order, this is not the
> problem in this case, In satellite links those times are a normal
> behaviour, so it should be a way to configure bind udp timeouts
> values, specially for this cases, not only udp sizes, there are many
> people using this kind of links, for example islands, using current
> timeouts nobody with this kind of link will use edns and dnssec, I
> attached a capture of the gateway so you can see what I mean, see
> responses times.
> Any ideas, best regards, perhaps a new feature??, a bug??
I think it's a bug, 600 ms tmieout is _very_ small.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
More information about the bind-users
mailing list