edns responses not sent by DNS Server

Harshith Mulky harshith.mulky at outlook.com
Tue May 30 07:25:04 UTC 2017


Hello Experts,

I have bind installed on OpenSuse 13.2 with version: bind-9.9.5P1

I am doing a test with a client application telling that EDNS is supported on
the DNS server, with udp-payload-size supported as 512 bytes.

I have the following configuration on my DNS Server

server 127.0.0.1 {
        edns yes;
        edns-udp-size 512; // max size query server can receive is up to 4096 bytes (default value = 4096)
        max-udp-size 512;  // max size server can transfer is up to 4096 bytes (default value = 4096)
};

When my client queries the external DNS server, it adds an OPT RR
pseudo-section for the EDNS query.

The query is as below:

Domain Name System (query)
    [Response In: 116]
    Transaction ID: 0xc015
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        pcr21381.dflt.vzb.com: type NAPTR, class IN
            Name: pcr21381.dflt.vzb.com
            Type: NAPTR (Naming authority pointer)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (EDNS0 option)
            UDP payload size: 512
            Higher bits in extended RCODE: 0x0
            EDNS0 version: 0
            Z: 0x8000
                Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
                Bits 1-15: 0x0 (reserved)
            Data length: 0

The answer to this query does not contain anything. The size of my answer
in bytes is greater than 512 (which I checked using dig). Will BIND
limit/truncate/not send answers if it does not fall below the
max-udp-payload size?

The answer is coming as below:

Domain Name System (response)
    [Request In: 115]
    [Time: 0.000318000 seconds]
    Transaction ID: 0xc015
    Flags: 0x8720 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for domain
        .... ..1. .... .... = Truncated: Message is truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..1. .... = Answer authenticated: Answer/authority portion was authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        pcr21381.dflt.vzb.com: type NAPTR, class IN
            Name: pcr21381.dflt.vzb.com
            Type: NAPTR (Naming authority pointer)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
            Name: <Root>
            Type: OPT (EDNS0 option)
            UDP payload size: 4096
            Higher bits in extended RCODE: 0x0
            EDNS0 version: 0
            Z: 0x8000
                Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
                Bits 1-15: 0x0 (reserved)
            Data length: 0


When I do a dig with these options I do not see any issues:

[ssuser@hmslavepsxvm1 BIN]$ dig @FD00:10:6B50:41C0:0:0:0:9B pcr21381.dflt.vzb.com NAPTR +norecurse +edns=0 +bufsize=512
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.6.0-P1 <<>> @FD00:10:6B50:41C0:0:0:0:9B pcr21381.dflt.vzb.com NAPTR +norecurse +edns=0 +bufsize=512
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50716
;; flags: qr aa; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pcr21381.dflt.vzb.com.         IN      NAPTR

;; ANSWER SECTION:
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 38 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   10 34 "s" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 36 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 35 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   10 34 "s" "SIP+D2T" "" _sip._tcp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 40 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 37 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 39 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.
pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 41 "u" "SIP+D2U" "" _sip._udp.pcr21381.dflt.vzb.com.




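The two dissections in the post differ in the header flags and the OPT record: the query advertises 512 bytes, and the response carries TC set, zero answers and an OPT size of 4096. As an added example (not part of the original post), the Python below rebuilds both messages from those field values and applies the check a client makes before repeating a query over TCP, as dig reports doing in the transcript. The function names are hypothetical and the message bytes are constructed from the dissected fields, not taken from the capture file.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(txid, flags, qname, qtype, opt_udp_size, do_bit=True):
    """Header + one question + one OPT RR (counts 1/0/0/1, as in both captures)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size,
    # TTL carries extended RCODE / version / Z (DO bit = 0x8000), RDLEN 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, opt_udp_size, 0x8000 if do_bit else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a name, allowing for a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def summarize(msg):
    """Pull out the header bits and the OPT payload size that matter here."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    udp_size = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:                        # OPT
            udp_size = rclass
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "answers": an, "edns_udp_size": udp_size}

def needs_tcp_retry(summary):
    """A response with TC set is incomplete; the client repeats the query over TCP."""
    return summary["qr"] and summary["tc"]

# Constructed from the dissected field values in the post (NAPTR = type 35).
QUERY = build_message(0xC015, 0x0100, "pcr21381.dflt.vzb.com", 35, 512)
RESPONSE = build_message(0xC015, 0x8720, "pcr21381.dflt.vzb.com", 35, 4096)

if __name__ == "__main__":
    for label, msg in (("query", QUERY), ("response", RESPONSE)):
        print(label, summarize(msg), "retry over TCP:", needs_tcp_retry(summarize(msg)))
```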