Hi Michael On Fri, May 06, 2016 at 02:57:59PM +0200, Michael Brunnbauer wrote: > I tried running bind with dnssec-enable no and still the exchanges with > tld nameservers involved many packets and TCP sessions. Why?
See below:
> > 07:25:08.157974 IP (tos 0x0, ttl 64, id 22351, offset 0, flags [none],
> > proto UDP (17), length 75)
> > 81.209.177.155.40611 > 192.12.94.30.53: [bad udp cksum 0x21e0 ->
> > 0xcab7!] 48603 [1au] A? ts.foaf-search.net. ar: . OPT UDPsize=512 OK (47)
> > 07:25:08.158034 IP (tos 0x0, ttl 64, id 22352, offset 0, flags [none],
> > proto UDP (17), length 75)
> > 81.209.177.155.63722 > 192.12.94.30.53: [bad udp cksum 0x21e0 ->
> > 0xd69b!] 22421 [1au] AAAA? ts.foaf-search.net. ar: . OPT UDPsize=512 OK (47)
These queries are sent by 81.209.177.155 to 192.12.94.30 with UDP
payload size set to 512. This caused the reply to be truncated:
[muks@jurassic ~]$ dig +bufsize=512 +dnssec @192.12.94.30 -t A foaf-search.net.
;; Truncated, retrying in TCP mode.
Why is the UDP payload size advertised as 512? Some previous timeout or
configuration caused it to be so. Check earlier logs. Try querying the
TLD NS directly with +bufsize=4096 to see if there are any issues in
getting replies to your network.
Mukund
signature.asc
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
