In message <2013032507232012562...@gmail.com>, "Liu Mingxing" writes: > Dear, > > dig some domain to some resolvers and name servers before find that they > do not advertise right reply size limit, even though in fact they support > of sufficient size. > when the resolver 114.114.114.114 is queried, it return the result as the > following. > root@localhost ~# dig @114.114.114.114 com any +dnssec +bufsize=4096 > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @114.114.114.114 com any > +dnssec +bufsize=4096 > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10405 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;com. IN ANY > > ;; ANSWER SECTION: > com. 84506 IN RRSIG DNSKEY 8 1 86400 > 20130329182533 20130322182033 30909 com. > bkJL6r7iv1PLxVSGbJczd2uMvndJA8lFVDPL+hIo08YjRlhD10qnewEW > uIrCABkPy6xS79hHu3oXMoNjucZ8BdKxgrZf7ZnQ4Iv7IwzSPI62qaWQ > t7sngLctJqPvxBccRYwfz+R0lv/gELnwvK2XX+xxIgDACMorkdEnzPQh > utZS/PrhqVpqicyxMIqCssSu2Vphj7Xe7Y+EkNzjUIBXaXbMfHDFPpsv > 0a2Pkec5BWj8NtKDN9LlCx0KXvwTsl12H9yyWM6AFo1Px968R1wFeYZA > uqozJYhojx8SQ4mUpnYLby+ABiJIK+Q4XyvL1JhQEATqwYs+co/wBAkz mVgJAQ== > com. 84506 IN DNSKEY 256 3 8 > AQPcnY9mVa8t+3ab9SsbKjGh38DXxdCZsL0sCdUEzyj1b3nN9BFLolfM > o7PyfRhOw29YvgwHq1wRB2nRWcOpuUZhgZNOxWqLoOu84KR7HtQmY1yZ > uSkh9WA6mUDQT+i/7zpUVbtmZqNJm5SuQZFE0hn+N5CMxnXOLOsHJsn6 WvB1sQ== > > ;; Query time: 31 msec > ;; SERVER: 114.114.114.114#53(114.114.114.114) > ;; WHEN: Sun Mar 24 16:08:01 2013 > ;; MSG SIZE rcvd: 458
114.114.114.114 is not even RFC 1035 compliant as it fails to set TC=1 if can't add all the records to a RRset to the answer section. The above answer has a partial RRset for DNSKEY/COM. > The bufsize option is set in order to tell the resolver open edns0, but > it ignore it. By using OARC's DNS Reply Size Test > Server(https://www.dns-oarc.net/oarc/services/replysizetest), > it is found that the resolver is actually support ends0. Maybe while it > support edns0, it does not tell this to clients? That is the way it looks. > root@localhost ~# dig +short rs.dns-oarc.net txt @114.114.114.114 > rst.x3827.rs.dns-oarc.net. > rst.x3837.x3827.rs.dns-oarc.net. > rst.x3843.x3837.x3827.rs.dns-oarc.net. > "Tested at 2013-03-24 22:59:55 UTC" > "58.217.249.137 sent EDNS buffer size 4096" > "58.217.249.137 DNS reply size limit is at least 3843" > Not as the resolver, root give a size that is not the right size it > support. The edns0 size in the result is 512B while the message size is > 727B. That is to say, 512 is not right? > root@localhost ~# dig @a.root-servers.net com any +dnssec +bufsize=4096 > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @a.root-servers.net com > any +dnssec +bufsize=4096 > ; (2 servers found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65447 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 16 > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 512 > ;; QUESTION SECTION: > ;com. IN ANY > ;; AUTHORITY SECTION: > com. 172800 IN NS a.gtld-servers.net. > com. 172800 IN NS b.gtld-servers.net. > com. 172800 IN NS c.gtld-servers.net. > ................. > com. 86400 IN DS 30909 8 2 > E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766 > com. 86400 IN RRSIG DS 8 1 86400 > 20130331000000 20130323230000 40323 . > N2LWYkOwbv/oecFw3cuE1K7wphnmWzMVVSvRYbgFYUlUxhbCbh1KogVt > a7uUieHPwXyf6QT56+Au3XfHrwTZzXiy1nHx2tdmAiH/IuAEbyOBPECf > 5dEeuKWpz6StQbn3OOxBaMauFShANT5gMsrqSvRDURvuOa8cdT7EaMhU ikQ= > ;; ADDITIONAL SECTION: > a.gtld-servers.net. 86400 IN AAAA 2001:503:a83e::2:30 > a.gtld-servers.net. 86400 IN A 192.5.6.30 > b.gtld-servers.net. 86400 IN AAAA 2001:503:231d::2:30 > ............... > ;; Query time: 43 msec > ;; SERVER: 198.41.0.4#53(198.41.0.4) > ;; WHEN: Sun Mar 24 16:20:17 2013 > ;; MSG SIZE rcvd: 727 a.root-servers.net is a anycast server. They do not want to get fragmented requests so they are advertising a buffer size that usually does not result in fragmentation of traffic to the server. They still honour the clients advertised buffer size when sending responses. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users