[nsd-users] Additional section and minimal responses

John Bond nsd at johnbond.org
Thu May 12 15:37:41 UTC 2016



On 12/05/2016 13:53, W.C.A. Wijngaards wrote:

> I have implemented the following fixes (in the code repository, works
> with the example.com zone that John set up):  NSD includes AAAA before A
> when the query is over IPv6 for glue.  NSD sets TC if it cannot provide
> at least one glue (only for delegations that have glue; only glue of the
> matching address family counts).
> 
> I hope this resolves this issue.
Hi Wouter

thanks for the speedy response I have checked out trunk and this seems
to work as expected however it introduces another curiosity.

With sub.example.com i can control the amount of glue i get by changing
the bufsize. for example

The following will result in TC been received and the query been
preformed over tcp

 `dig  ns sub.example.com. @5.28.62.36 +bufsize=1444`

The following queries will produce one and two glue records respectively

dig  ns sub.example.com. @5.28.62.36 +bufsize=1460
dig  ns sub.example.com. @5.28.62.36 +bufsize=1476

Increasing the buf size beyond this has no further effect and you will
only ever revive two glue records.

This is not such an issue until we consider the sub1.example.com.  With
this zone the answer section with one glue record is above the 1500 byte
minimial-responses limit for IPv4.  This means that no matter what value
one advertises in EDNS they will always be given an answer with TC=1.  This

Im not suggesting this behavior is incorrect and can see the benefits in
avoiding fragmentation.  However with this discussion and the comments
from Stephane last week.  i wonder if it is worth considering having a
config item for minimal response size.  something like

 ipv4-minimal-response: <number or edns>
	NSD will only add optional records to the authority and additional
sections when the response size does not exceed this value in bytes or
the advertised EDNS size if set to 'edns'.  The default is 1480

 ipv6-minimal-response: <number or edns>
	NSD will only add optional records to the authority and additional
sections when the response size does not exceed this value in bytes or
the advertised EDNS size if set to 'edns'.  The default is 1220





More information about the nsd-users mailing list