edns responses not sent by DNS Server
Harshith Mulky
harshith.mulky at outlook.com
Tue May 30 07:25:04 UTC 2017
Hello Experts,
I have bind installed on OpenSuse 13.2 with version: bind-9.9.5P1.
I am doing a test with a client application telling that edns is supported on
the DNS Server with udp-payload-size supported as 512 bytes.
I have the following configuration on my DNS Server:
server 127.0.0.1 {
    edns yes;
    edns-udp-size 512; // max size query server can receive is up to 4096 bytes (default value = 4096)
    max-udp-size 512;  // max size server can transfer is up to 4096 bytes (default value = 4096)
};
When my client is querying the external DNS Server, it is adding an OPT RR
pseudo section for the edns query.
The query is as below:
Domain Name System (query)
[Response In: 116]
Transaction ID: 0xc015
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
pcr21381.dflt.vzb.com: type NAPTR, class IN
Name: pcr21381.dflt.vzb.com
Type: NAPTR (Naming authority pointer)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
The answer to this query does not contain anything. The size of my answer
bytes is greater than 512 (which I checked using dig). Will bind
limit/truncate/not send answers if it does not fall below the
max-udp-payload size?
The answer is coming as below:
Domain Name System (response)
[Request In: 115]
[Time: 0.000318000 seconds]
Transaction ID: 0xc015
Flags: 0x8720 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..1. .... .... = Truncated: Message is truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = Answer authenticated: Answer/authority portion was authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
pcr21381.dflt.vzb.com: type NAPTR, class IN
Name: pcr21381.dflt.vzb.com
Type: NAPTR (Naming authority pointer)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
When I do a dig with these options, I do not see any issues:
[ssuser at hmslavepsxvm1 BIN]$ dig @FD00:10:6B50:41C0:0:0:0:9B pcr21381.dflt.vzb.com NAPTR +norecurse +edns=0 +bufsize=512
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.6.0-P1 <<>> @FD00:10:6B50:41C0:0:0:0:9B pcr21381.dflt.vzb.com NAPTR +norecurse +edns=0 +bufsize=512
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50716
;; flags: qr aa; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pcr21381.dflt.vzb.com. IN NAPTR
;; ANSWER SECTION:
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 38 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 10 34 "s" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 36 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 35 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 10 34 "s" "SIP+D2T" "" _sip._tcp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 40 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 37 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 39 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com. 300 IN NAPTR 11 41 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
--
View this message in context: http://bind-users-forum.2342410.n4.nabble.com/edns-responses-not-sent-by-DNS-Server-tp3884.html
Sent from the Bind-Users forum mailing list archive at Nabble.com.