DNS inspection at firewalls may be blocking the response, although this should be evident from all platforms, not just from mobile devices.
You can run a test to determine if there is something in the path restricting DNS packet sizes.

https://www.dns-oarc.net/oarc/services/replysizetest

May not be of much help on a mobile device, but you could run this from your DNS servers looking outbound toward the Internet.

    dig +short rs.dns-oarc.net txt

As an example, Cisco ASA firewalls prior to version 8.3 by default limit DNS packet size to 512 bytes. To change this limit, the configuration must be updated. More information is listed here about maximum DNS packet sizes and Cisco firewalls:

http://www.cisco.com/web/about/security/intelligence/dnssec.html

Example fix for Cisco ASA running version 7.x:

    conf t
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 4096
    end
    wr mem

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Mark Jeftovic
Sent: Saturday, September 15, 2012 9:41 PM
To: dns-operations
Subject: [dns-operations] too many round robin RR's / tcp and lookup errors?

Wondering if this is "well known" or not.

We had a problem with a customer domain, for some reason it appeared as though mobile devices on the Wind network couldn't resolve a domain. Then I could duplicate the problem on the Rogers network.

I realized that the hostname in question was using round robin DNS, and had enough records that the response size was over 512 bytes, thus the truncate bit was set and the resolver is supposed to retry over TCP.

So we had them drop enough records to get the response under 512 bytes and the problem went away.

The questions I have are: is this something with specific resolvers? (Can't handle EDNS truncate and TCP retries properly) - but then we'd expect to see this on regular web browsers too. We didn't that I'm aware of, it was all mobile devices.

So is there something in iOS and possibly other mobile devices that can't handle a TCP response, or can't handle a TCP response over 512 bytes or something else?
Anybody else run across this sort of thing?

-mark

--
Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read My Blog: http://markable.com
+1-416-535-8672 ext 225

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
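
The 512-byte behaviour discussed in this thread, as an added example that is not part of either message: it builds constructed round-robin A responses, shows how many records fit under the limit, and reports what a client behind a size-limiting middlebox would see. The function names, the sample hostname and the 192.0.2.x addresses are assumptions; the server model is simplified (an empty answer with TC set on overflow, and no OPT record added when a larger client buffer is modelled).

```python
import struct

UDP_LIMIT = 512            # classic DNS/UDP payload limit without EDNS0
TC, QR_AA = 0x0200, 0x8400  # truncation bit; response + authoritative bits

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(name, addrs, client_limit=UDP_LIMIT):
    """Constructed A-record response. Simplification: when the full RRset
    does not fit in client_limit, send an empty answer with TC set."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rrs = b"".join(
        # 0xC00C is a compression pointer back to the name at offset 12
        struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        + bytes(int(o) for o in a.split("."))
        for a in addrs)
    flags, count = QR_AA, len(addrs)
    if 12 + len(question) + len(rrs) > client_limit:
        flags, count, rrs = QR_AA | TC, 0, b""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, count, 0, 0) + question + rrs

def diagnose(msg, path_limit=UDP_LIMIT):
    """What a client behind a size-limiting middlebox experiences."""
    if len(msg) > path_limit:
        return "dropped in path: response exceeds the middlebox limit"
    flags = struct.unpack("!H", msg[2:4])[0]
    if flags & TC:
        return "truncated: client must retry over TCP"
    return "ok: full answer delivered over UDP"

def max_records(name, limit=UDP_LIMIT):
    """Largest round-robin A RRset for name that still fits in limit."""
    n = 0
    while len(build_response(name, ["192.0.2.1"] * (n + 1), 65535)) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    name = "www.example.com"                       # constructed sample name
    addrs = [f"192.0.2.{i}" for i in range(1, 31)]  # 30 constructed records
    print("records that fit in 512 bytes:", max_records(name))
    print("no EDNS:", diagnose(build_response(name, addrs)))
    big = build_response(name, addrs, client_limit=4096)
    print("large buffer, 512-byte firewall:", diagnose(big, 512))
    print("large buffer, 4096-byte firewall:", diagnose(big, 4096))
```

Passing `client_limit=4096` models a client that advertises a larger buffer, so the same 30-record response is either delivered or dropped depending only on the path limit.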
