not all name servers advertise right edns0 size limit?

Liu Mingxing lmxhappy at gmail.com
Sun Mar 24 23:23:22 UTC 2013


Dear,

I ran dig for some domains against some resolvers and name servers and found that they do not advertise the right reply size limit, even though in fact they support a sufficient size.
When the resolver 114.114.114.114 is queried, it returns the following result.
[root@localhost ~]#  dig @114.114.114.114 com any  +dnssec +bufsize=4096
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @114.114.114.114 com any +dnssec +bufsize=4096
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10405
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;com.                           IN      ANY

;; ANSWER SECTION:
com.                    84506   IN      RRSIG   DNSKEY 8 1 86400 20130329182533 20130322182033 30909 com. bkJL6r7iv1PLxVSGbJczd2uMvndJA8lFVDPL+hIo08YjRlhD10qnewEW uIrCABkPy6xS79hHu3oXMoNjucZ8BdKxgrZf7ZnQ4Iv7IwzSPI62qaWQ t7sngLctJqPvxBccRYwfz+R0lv/gELnwvK2XX+xxIgDACMorkdEnzPQh utZS/PrhqVpqicyxMIqCssSu2Vphj7Xe7Y+EkNzjUIBXaXbMfHDFPpsv 0a2Pkec5BWj8NtKDN9LlCx0KXvwTsl12H9yyWM6AFo1Px968R1wFeYZA uqozJYhojx8SQ4mUpnYLby+ABiJIK+Q4XyvL1JhQEATqwYs+co/wBAkz mVgJAQ==
com.                    84506   IN      DNSKEY  256 3 8 AQPcnY9mVa8t+3ab9SsbKjGh38DXxdCZsL0sCdUEzyj1b3nN9BFLolfM o7PyfRhOw29YvgwHq1wRB2nRWcOpuUZhgZNOxWqLoOu84KR7HtQmY1yZ uSkh9WA6mUDQT+i/7zpUVbtmZqNJm5SuQZFE0hn+N5CMxnXOLOsHJsn6 WvB1sQ==

;; Query time: 31 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Sun Mar 24 16:08:01 2013
;; MSG SIZE  rcvd: 458

The bufsize option is set in order to tell the resolver to enable edns0, but it ignores it. By using OARC's DNS Reply Size Test Server (https://www.dns-oarc.net/oarc/services/replysizetest),
it is found that the resolver actually supports edns0. Maybe while it supports edns0, it does not tell this to clients?
[root@localhost ~]#  dig +short rs.dns-oarc.net txt @114.114.114.114
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2013-03-24 22:59:55 UTC"
"58.217.249.137 sent EDNS buffer size 4096"
"58.217.249.137 DNS reply size limit is at least 3843"

Unlike the resolver, the root gives a size that is not the right size it supports. The edns0 size in the result is 512B while the message size is 727B. That is to say, 512 is not right?
[root@localhost ~]# dig @a.root-servers.net com any  +dnssec +bufsize=4096
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @a.root-servers.net com any +dnssec +bufsize=4096
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65447
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;com.                           IN      ANY
;; AUTHORITY SECTION:
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
.................
com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.                    86400   IN      RRSIG   DS 8 1 86400 20130331000000 20130323230000 40323 . N2LWYkOwbv/oecFw3cuE1K7wphnmWzMVVSvRYbgFYUlUxhbCbh1KogVt a7uUieHPwXyf6QT56+Au3XfHrwTZzXiy1nHx2tdmAiH/IuAEbyOBPECf 5dEeuKWpz6StQbn3OOxBaMauFShANT5gMsrqSvRDURvuOa8cdT7EaMhU ikQ=
;; ADDITIONAL SECTION:
a.gtld-servers.net.     86400   IN      AAAA    2001:503:a83e::2:30
a.gtld-servers.net.     86400   IN      A       192.5.6.30
b.gtld-servers.net.     86400   IN      AAAA    2001:503:231d::2:30
...............
;; Query time: 43 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Mar 24 16:20:17 2013
;; MSG SIZE  rcvd: 727
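
An added example, not part of the original post: Python that builds the same kind of query as dig +dnssec +bufsize=4096 and reads the OPT pseudo-record from a reply, so the advertised UDP size (or the absence of OPT, as in the first output above) can be compared with the received message length. The function names and the two sample responses are constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=255, bufsize=4096, do=True, qid=0x1234):
    """DNS query with an EDNS0 OPT record, like dig +dnssec +bufsize=N."""
    labels = [l.encode() for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL = rcode|version|flags
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if do else 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def skip_name(msg, off):
    """Offset just past a name; a compression pointer ends the name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_info(msg):
    """Advertised EDNS0 values from a DNS message, or None if it has no OPT RR."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return {"udp_size": rclass, "version": (ttl >> 16) & 0xFF,
                    "do": bool(ttl & 0x8000), "tc": bool(flags & 0x0200),
                    "msg_len": len(msg)}
        off += 10 + rdlen
    return None

def probe(server, name="com", timeout=3.0):
    """Send the query over UDP and parse the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return edns_info(s.recvfrom(65535)[0])

# Constructed sample responses (not captured traffic)
_q = build_query("com", bufsize=512)
RESP_WITH_OPT = _q[:2] + struct.pack("!H", 0x8100) + _q[4:]  # QR set, OPT says 512
RESP_NO_OPT = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + _q[12:21]

if __name__ == "__main__":
    print(edns_info(RESP_WITH_OPT), edns_info(RESP_NO_OPT))
```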