[nsd-users] Additional section and minimal responses
John Bond
nsd at johnbond.org
Thu May 12 12:27:13 UTC 2016
Hi Olafur,
On 11/05/2016 20:16, Olafur Gudmundsson wrote:
> The NS is 40 records that requires a 1444 byte answer so when I increased the buffer size to 3K
> I got two A records indicating that the server is limiting answers it gives out over UDP
> With tcp I got
> ;; Query time: 89 msec
> ;; SERVER: 5.28.62.36#53(5.28.62.36)
> ;; WHEN: Wed May 11 15:13:04 EDT 2016
> ;; MSG SIZE rcvd: 3204
>
> check your settings for
> ipv4-edns-size: <number>
> Preferred EDNS buffer size for IPv4.
> ipv6-edns-size: <number>
> Preferred EDNS buffer size for IPv6.
Both of these are set to 4k on the server side. however the dig
commands i use are forcing the edns size to 1444 to highlight this
issue. For clarity and to remove edns from the equation i have created
a delegation that will never send glue records unless one queries over
TCP. Furthermore TC=1 will never be sent unless your edns buff size is
< 1480.
`dig ns sub1.example.com. @5.28.62.36`
This is been controlled by the minimum response size feature introduced
in nsd 3.2.9
'''
Minimize responses to reduce truncation: NSD will only add optional
records to the authority and additional sections when the response size
does not exceed the minimal response size.
The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4), 1220
(EDNS/IPv6), or the advertized EDNS buffer size if that is smaller than
the EDNS default.
'''
My expectation is that nsd should always endeavour to send at least one
glue record when answering with a delegation. Otherwise recursion will
fail at this point and in this case sub1.example.com would never resolve.
Thanks John
More information about the nsd-users
mailing list