[nsd-users] Additional section and minimal responses

John Bond nsd at johnbond.org
Tue May 10 17:48:15 UTC 2016


Hello All,

I'm looking at minimal responses and i wanted to get some input about
how it works.  I understand that

" The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
1220 (EDNS/IPv6), or the advertised EDNS buffer size if that is
smaller than the EDNS default."

What i wanted to ask is how does the name server decided what parts of
the additional section is removed?  For instance if the query came in
over IPv6 would nsd attempt to add AAAA glue before A glue.  If the zone
is signed will it attempt to only add glue if it can also add the rrsig
record?

Finally i thought that you would have to include at lease on glue record
in the additional section otherwise a resolution is not possible.
However nsd will answer with an empty additional section even if all
labels in the NS set are in zone.  Is this an error or have i missed
something?

I have set up an example.com zone on one of my server's to demonstrate
this.  The following query produces no glue records in the additional
section.

dig ns example.com. @5.28.62.36 +bufsize=1440 +norec


increasing the bufsize does add additional glue until you get to  1.5k
at which point the hard limit in nsd kicks in.  you can also see that no
glue is given over dnssec but the bufsize at this point is already over
the 1500 limit

dig +dnssec ns example.com. @5.28.62.36 +bufsize=1620 +norec

can also test this over ipv6 @2001:41c9:1:41c::36

thanks John





More information about the nsd-users mailing list