Hi, DNS server @2a02:348:a1:bd32::1 seems to behave strangly.
$ dig -t DS www.veilingzaalmelase.be @2a02:348:a1:bd32::1 +edns=0 +bufsize=1452 +norecurse +dnssec ; <<>> DiG 9.11.4 <<>> -t DS www.veilingzaalmelase.be @2a02:348:a1:bd32::1 +edns=0 +bufsize=1452 +norecurse +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10024 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;www.veilingzaalmelase.be. IN DS ;; AUTHORITY SECTION: veilingzaalmelase.be. 7200 IN SOA ns1.mijndnsserver.nl. hostmaster.veilingzaalmelase.be. 2021031001 28800 7200 2419200 86400 veilingzaalmelase.be. 7200 IN RRSIG SOA 8 2 7200 20210409093004 20210310093004 35055 veilingzaalmelase.be. Lxfkk00qbjQhrXql1xBf7D/0lR3O8NfWIf599kKstRSmVX0OT3L+JJeb Z4pcOuVCZbU7E938/p6krnQ1k68yPxMk+mGBV5y1fAF5aSX3cAXLQX z1nTwMS0jXNk0JEtak1CyGbIeyP3x0HDciewftW140khPjIh3rSA4tk+ X+GPCwg+G7zPagZOisLnTt+LFMTpfCDr0wlCPA+b8Ae778r7ry4KpPSx WbS1xz8NESasYt+H2qwq+MYVLjTA0jtIxztbAZ0WU1SrkEBU3CQtQ4 MndVpXNovbAqRy4XNUrw2yZ8j56mb1Lm6twc3mO4jz+LWMr2X6NDVfoM dknn5k0CJHFhXGoO1TlATAs15IPBjsZXMRaIxZCopjEphpE40VP31sea v8miQDhvbM+Kr49ZaHCo61qDbcaznHHVYQeTVGnkVnhYs6QJfjwFo7+I 8R1JHKF8v+qjcGLHKx3z0k6NPNqNoZaE3+nitKBltEj+L9wQ4HzHvF TTDiGv4oUITo8pVi3eceZIG9jYcx91obQgH02pNNiz0I+jnyQ27CLm1h 2Ei3lcIhK3xfjB6NVVnkKhHt0eHUC0QiQLEGXWfFZRV5glkpxaIikEIp 26ldVD8sr6z2JOoHfmaMG2x3QPel8Gc8YJpeoTCX7yw7uBPN2Rnq1y vLXVSGHLrN0= www.veilingzaalmelase.be. 86400 IN NSEC veilingzaalmelase.be. A RRSIG NSEC www.veilingzaalmelase.be. 86400 IN RRSIG NSEC 8 3 86400 20210409093004 20210310093004 35055 veilingzaalmelase.be. EIZCmD06nt9u2S6VHA+6J6o9IkSFNJRypDJ4SgEauyNRw/7ButbLqZrH 3nYJlqkt95NxCjifg36k60oCK0dI5Zp56wQVQU50au5FrlMBIfidOO DYt5u++iQ18QdiW9N8Lc0i0y3PWQKVGcEZLGrroOlc7nw1TX3oE9VOme WziFpdjVFYn+qEXNp8vHNyuKMwtIFDREHobU2wffClp//B0olWLrDUzi JClgxV+XZH8LawO2QCBsV9Ze2iJOkKPeUzcNXumQ3E3Tr0xMB6fAat xgAOzNN3dOOA+g4gYqzUfLtk8n4wHgP8IAAxqYn1e2blAlssgT8rMltR 8ZPQDcXLgexPj0aCe8rvUQhcHXQ7CyE/RuFt6uVOfrCLBv2USBmIn/OU RLMdoLLx+at8O+oKMjoq5lqh5SBdx0hygHehsVY7hXl+xSPitz6AUg9s tdTdGfF1FKekIk12Bg4DE+o69/7AewUCKCGQLz2+4aA7HjmszdteF8 GhE1QwgrD4MRAtMmz559q76UJ3WNp/FV8gU7KpXU9vJUuo3eCo9BFahi eyc39mBwwbIJSp02MizwnOfpGAUBzFe2NutuOYYrY8YozNvRJpWQkP1P Lm421cfgdhhSToZu966HmOaW/Wlg2lEofavdmT2V4CMMzFMGzyZOEe Zico4VaMVOM= ;; Query time: 8 msec ;; SERVER: 2a02:348:a1:bd32::1#53(2a02:348:a1:bd32::1) ;; WHEN: Wed Mar 24 19:33:04 CET 2021 ;; MSG SIZE rcvd: 1290 Packets: $ sudo tcpdump -nn -p host 2a02:348:a1:bd32::1 19:33:04.426128 IP6 2a02:1111:1111::1.60034 > 2a02:348:a1:bd32::1.53: 10024 [1au] DS? www.veilingzaalmelase.be. (53) 19:33:04.434834 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (0|1232) 53 > 60034: 10024*- 0/4/1 (1224) 19:33:04.434846 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (1232|66) So the server responds with 2 fragments, while there should be no reason for this. It advertises a buffer size of 4096 in the response, so the response fits in 1 udp packet. Is my conclusion correct ? It is also strange that the first fragment has a size of 1232 ... Thanks for any feedback, Thor _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
