Side-effects of edns-udp-size 512

Doug Barton dougb at dougbarton.us
Mon May 3 23:54:38 UTC 2010


On 05/03/10 16:46, Ray Van Dolson wrote:
> On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote:
>> On 05/03/10 09:34, Ray Van Dolson wrote:
>>>
>>> I believe having edns-udp-size set at 512 gives us maximum
>>> compatibility with anything out there behind a broken firewall, etc,
>>> though we should look at removing the limit at some point in the future
>>> when possible.
>>
>> Doing this will simply perpetuate the problem, not solve it.
>>
> 
> I do understand that.  However, it's not always a practical stance to
> take... :)

Define "practical." There is an ever-decreasing subset of networks that
CAN do DNS over TCP properly, but CANNOT do "DNS w/UDP > 512." By
changing edns-udp-size you cater to them, but you disadvantage the
majority of networks that actually work.

In all likelihood you would be better off investigating why you have
such large RRs in the first place.

Oh and BTW, if your responses are > 512 you will be signaling to the
resolver that they need to retry via TCP. You have tested TCP access to
your authoritative name servers, right?


Doug

-- 

	... and that's just a little bit of history repeating.
			-- Propellerheads

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/
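The mechanism this exchange hinges on, as an added illustration that is not part of the post or of BIND itself: the resolver's EDNS0 OPT record advertises how large a UDP reply it can take, an authoritative server whose answer does not fit sets TC=1 and sends a stub, and the resolver must then repeat the query over TCP (which is why TCP reachability of the authoritative servers matters). The function names, the query name `example.test` and the 192.0.2.x answer addresses are all constructed for the example; nothing touches the network.

```python
"""Simulated EDNS0 payload-size negotiation, truncation and TCP fallback.
Added example; constructed packets only, no network I/O."""
import struct

TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, edns_udp_size=None, txid=0x1234):
    """A-record query with RD set; when edns_udp_size is given, append an
    EDNS0 OPT pseudo-RR whose CLASS field advertises that UDP payload size."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    opt = b""
    if edns_udp_size:
        # NAME=<root>, TYPE=OPT, CLASS=payload size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt


def _question_end(query):
    """Offset just past the (uncompressed) question section."""
    pos = 12
    while query[pos] != 0:
        pos += 1 + query[pos]
    return pos + 1 + 4            # terminating zero + QTYPE/QCLASS


def advertised_udp_size(query):
    """UDP size the requester accepts: the OPT CLASS field, or the RFC 1035
    limit of 512 bytes when the query carries no EDNS0 at all."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = _question_end(query)
    if arcount and query[pos] == 0:   # OPT must use the root name
        rrtype, rrclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rrtype == TYPE_OPT:
            return rrclass
    return 512


def build_response(query, answer_rrs, truncated=False):
    """Echo the question; carry the answers unless this is a TC=1 stub."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | (FLAG_TC if truncated else 0)
    ancount = 0 if truncated else len(answer_rrs)
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    body = b"" if truncated else b"".join(answer_rrs)
    return header + query[12:_question_end(query)] + body


def fake_a_records(n):
    """Constructed answer set: n A records in 192.0.2.0/24 (TEST-NET-1), 16 bytes each."""
    return [b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
            + bytes([192, 0, 2, i + 1]) for i in range(n)]


def serve_udp(query, answer_rrs):
    """Authoritative side over UDP: full reply if it fits the advertised size,
    otherwise a header+question stub with the TC bit set."""
    full = build_response(query, answer_rrs)
    if len(full) <= advertised_udp_size(query):
        return full
    return build_response(query, answer_rrs, truncated=True)


def serve_tcp(query, answer_rrs):
    """Over TCP there is no size limit; RFC 1035 section 4.2.2 prefixes the
    message with its 16-bit length."""
    full = build_response(query, answer_rrs)
    return struct.pack("!H", len(full)) + full


def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def answer_count(msg):
    return struct.unpack("!H", msg[6:8])[0]


def resolve(name, answer_rrs, edns_udp_size=None):
    """Resolver side: try UDP, then repeat the identical query over TCP when
    the server set TC.  Reports which transport delivered the answer."""
    query = build_query(name, edns_udp_size)
    reply = serve_udp(query, answer_rrs)
    if not is_truncated(reply):
        return {"transport": "udp", "answers": answer_count(reply), "bytes": len(reply)}
    reply = serve_tcp(query, answer_rrs)[2:]   # strip the TCP length prefix
    return {"transport": "tcp", "answers": answer_count(reply), "bytes": len(reply)}


if __name__ == "__main__":
    rrs = fake_a_records(40)     # 670-byte response: too big for 512, fine for 4096
    for size in (None, 512, 4096):
        print(size, resolve("example.test", rrs, size))
```

With the same 670-byte answer, a client advertising 4096 gets it in one UDP round trip, while a client advertising 512 (or no EDNS0 at all) gets a TC=1 stub and has to open a TCP connection; if port 53/TCP to the authoritative servers is filtered, that second client never gets an answer. That is the cost the thread is weighing: lowering edns-udp-size moves more of the working clients onto the TCP path.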
