Re: Truncated TCP ?

2024-05-06 Thread J Doe

On 2024-05-05 20:47, Mark Andrews wrote:

On 6 May 2024, at 07:38, J Doe wrote:

Hello,

I run BIND 9.18.26 as a recursive, validating resolver.  In my logs, I
noticed the following:

01-May-2024 00:52:49.689 lame-servers: info: truncated TCP response
resolving 'www.ipfire.org/A/IN': 74.113.60.134#53

I am aware that there are issues with DNS UDP traffic being truncated
and/or rejected via firewalls or middle-boxes that enforce limits on
expected packet size (I believe one of the goals of a recent Flag Day
was to address these configs), but what would lead to truncated TCP
traffic in the context of DNS ?


Usually it is a software bug in the server where it doesn’t support 65535-byte
responses or incorrectly applies UDP limits to TCP.  Very occasionally the
response actually won’t fit in 65535 bytes.

Whatever it was, I’m not seeing it now.

Mark


Thanks,

- J


Hi Mark,

When you say "server" do you mean my server (which implies that there is
a TCP/IP stack issue on my end), or the remote server (in this case the
authoritative DNS server for www.ipfire.org)?

Thanks,

- J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
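As an added example (not code from this thread or from BIND), the check a practitioner would run against the server in the log line above: send the same question over TCP, frame it the way RFC 1035 and RFC 7766 require, and decode the header of the reply to see whether the TC bit is set, which is the condition named logs as "truncated TCP response". The name and address are the ones from the quoted log line; everything else is plain DNS wire format. A server that wrongly applies its UDP payload limit to TCP would set TC on a reply larger than the 4096 bytes advertised in the OPT record; a reply that genuinely cannot fit the two-byte TCP length prefix is the 65535-byte case Mark mentions.

```python
"""Added example, not from the thread or from BIND: query a server over TCP
and report what a resolver would see, in particular whether the reply carries
the TC (truncated) bit. Framing is RFC 1035 / RFC 7766: a two-byte length
prefix on TCP, so a TCP message can never exceed 65535 bytes.
"""
import os
import socket
import struct

TYPE_A = 1
CLASS_IN = 1
FLAG_QR = 0x8000
FLAG_TC = 0x0200
FLAG_RD = 0x0100


def encode_name(qname: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels plus the root label."""
    labels = [l.encode("ascii") for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(qname: str, qtype: int = TYPE_A, txid: int = 0x1234, edns: bool = True) -> bytes:
    """One question, RD set, and (by default) an OPT record with DO set and a
    4096-byte UDP payload size. The payload size is meaningless over TCP, but
    sending it mirrors what a validating resolver does, so a server that applies
    the UDP limit to TCP (one of the bugs named in the thread) shows up as TC
    on any reply larger than 4096 bytes."""
    arcount = 1 if edns else 0
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT RR: root name, type 41, "class" = UDP payload size,
    # TTL = extended rcode / version / flags (DO bit = 0x8000), RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, 0) if edns else b""
    return header + question + opt


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
        "length": len(msg),
    }


def classify(reply: bytes, txid: int) -> str:
    """What a resolver would conclude from one framed TCP reply."""
    h = parse_header(reply)
    if h["id"] != txid:
        return "id-mismatch"
    if not h["qr"]:
        return "not-a-response"
    if h["tc"]:
        # Over TCP there is no bigger transport to retry with: this is a dead end
        return "truncated-tcp"
    return "ok"


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; TCP delivers a byte stream, not messages."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def tcp_query(server: str, qname: str, port: int = 53, timeout: float = 5.0):
    """Send one query over TCP; return (txid, reply) with the length prefix stripped."""
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_query(qname, txid=txid)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return txid, recv_exact(s, length)


if __name__ == "__main__":
    server, name = "74.113.60.134", "www.ipfire.org"   # from the log line in the thread
    txid, reply = tcp_query(server, name)
    h = parse_header(reply)
    print(f"{name}/A via {server}: {h['length']} bytes, tc={h['tc']}, "
          f"rcode={h['rcode']}, ancount={h['ancount']} -> {classify(reply, txid)}")
```

The TC bit lives in the DNS payload that the responder composes; the local TCP stack cannot set it, and a transparent middlebox would have to rewrite the DNS message to do so. A "truncated-tcp" result on a reply that is well under 65535 bytes therefore points at the responding server, which is the same thing `dig +tcp @74.113.60.134 www.ipfire.org A` shows as `tc` in its flags line.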


Re: Switching from rhel base 9.16 to 9.18 copr

2024-05-06 Thread John Thurston
This doesn't answer the question you have asked, so feel free to hit 
'delete'.


I suggest that what you are trying to do has the potential to cause you 
suffering later. If you are switching to the COPR distribution, don't 
fight it. Turn off and disable the base service/daemon. Copy your .conf 
files over to the new location for the COPR distribution. Move on with 
your life.


When you are satisfied that the COPR distribution is meeting your needs 
(and you aren't going back to the base), replace that .conf in /etc with 
something defining only localhost. Your installation will look like 
every one else who is using the COPR distribution, and package updates 
to the base can happen without affecting the installation you care 
about. If some update to base does re-enable it, it will behave 
substantially differently from your real installation, and you will 
notice it.


--
Do things because you should, not just because you can.

John Thurston    907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska

On 5/5/2024 8:15 AM, Luca vom Bruch via bind-users wrote:
Hello,

I use bind (stock from alma 9.3) as a nameserver for a webhosting 
server with webmin/virtualmin.


If I install BIND via copr (RHEL9 and derivatives only offer 9.16 
instead of 9.18 – I want to experiment with DoT for opportunistic TLS 
between nameservers, upcoming standard RFC 9539 - Unilateral 
Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS 
(ietf.org))


What are the necessary steps to make isc-bind read the existing config 
files? named.conf in /etc and zones in /var/named?


Will the daemon only listen to /etc/opt/isc/scls/isc-bind/named.conf? 
Should I edit the systemctl .service file to adjust the config path?


Thanks,

Luca

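As an added example (not code from this thread, from ISC or from the COPR packaging), the loopback-only fallback John describes for the base package's named.conf, together with a check that a named.conf really listens on loopback only, which is what you want to confirm before trusting that a base-package update re-enabling named cannot put a stale configuration on the real addresses. The fallback's contents are an assumption about what "defining only localhost" should contain; the checker understands the usual `listen-on[-v6] [port N] { addr; ... };` form and treats anything it cannot parse as a plain address (any, localhost, localnets, ACL names, prefixes, negations) as not-loopback, so it errs on the side of flagging a config.

```python
"""Added example, not from the thread or from BIND: a loopback-only fallback
named.conf for the base package and a checker for listen-on statements.
"""
import ipaddress
import re

# Assumed content for the base package's /etc/named.conf once the COPR build
# is the real server: no zones, no recursion, loopback listeners only.
FALLBACK_NAMED_CONF = """\
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };
    recursion no;
};
"""

_LISTEN_RE = re.compile(
    r"\blisten-on(?:-v6)?\s*(?:port\s+\d+\s*)?\{([^}]*)\}\s*;", re.IGNORECASE)


def strip_comments(conf: str) -> str:
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def listen_addresses(conf: str) -> list:
    """Every element of every listen-on / listen-on-v6 address list, in order."""
    addrs = []
    for m in _LISTEN_RE.finditer(strip_comments(conf)):
        addrs.extend(a.strip() for a in m.group(1).split(";") if a.strip())
    return addrs


def is_loopback_only(conf: str) -> bool:
    """True only if the config names at least one listener and every element
    is a loopback address or the keyword none. A config with no listen-on at
    all is not loopback-only: named then listens on every interface."""
    addrs = listen_addresses(conf)
    if not addrs:
        return False
    for a in addrs:
        if a.lower() == "none":
            continue
        try:
            if not ipaddress.ip_address(a).is_loopback:
                return False
        except ValueError:
            # any, localhost, localnets, an ACL name, a prefix or a negation:
            # not provably loopback, so reject
            return False
    return True


def write_fallback(path: str) -> None:
    """Install the fallback. Stopping and disabling the base unit and enabling
    the COPR unit are left to systemctl by hand, as the post describes."""
    with open(path, "w", encoding="ascii") as f:
        f.write(FALLBACK_NAMED_CONF)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as f:
            text = f.read()
        print(f"{path}: listen={listen_addresses(text)} "
              f"loopback_only={is_loopback_only(text)}")
```

Run it against both /etc/named.conf and /etc/opt/isc/scls/isc-bind/named.conf (the COPR path quoted in Luca's message): after the switch the base file should report loopback-only and the COPR file should not, which is exactly the difference that makes an accidentally re-enabled base daemon "behave substantially differently" and get noticed.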