Hello,

Several RFCs on DNS do state that name servers (not only Bind) should avoid, if possible, sending messages that would require the TC bit set in the reply.
Replies can stay shorter if some sections (authority/additional) are not included in the reply. I know for sure that DNSSEC-related RFCs explicitly state to leave the authority/additional section empty if filling them would lead to the answer becoming too big and requiring the TC bit to be set.

--> it is not a configuration setting, it's RFC defined.

Kind regards,

Marc Lampo
Security Officer
EURid (for .eu)

-----Original Message-----
From: Sebastiano Di Paola [mailto:sebastiano.dipa...@gmail.com]
Sent: 27 June 2012 10:43 AM
To: bind-users@lists.isc.org
Subject: Truncated DNS message over UDP

Hello everyone,

before sending this email I tried to do some searches on this topic, but no luck so far... so before bothering bind-workers, here's my question.

I was wondering if a configuration option exists in order to force the bind server to send a "minimal (from size and number of returned record point of view)" response in case the truncated bit is set in the header.

Let me explain better...

1) Client asks for "www.mydomain.com" type ANY to my server (RD bit is set)
2) Server gets the response (does not matter if from cache or not) but the answer is bigger than 512 bytes (or the server has udp-max-size 512 parameter in configuration)
3) Server sends an answer with TC bit = 1, but instead of giving a partial response the header is like this: QDCOUNT = 1, ANCOUNT = 0, NSCOUNT = 0, ADDITIONAL=0 (if there is no EDNS0 in the query) and it just sends back the question section.
4) Client (if needed) redoes the query using TCP (some clients do not use records contained in packets with the TC bit set in the header)

If I'm not wrong, RFCs do not state that a partial answer must be returned to the client, so probably there is no issue in getting rid of them (with a configuration option :) )

Is there any parameter that could let me achieve this result?

Kind regards.
Seba
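The exchange described in steps 1 to 4 of the quoted message, as an added example that is not part of the original thread and is not BIND code: a sketch that builds the header-plus-question reply with TC set and shows the client-side check that triggers the TCP retry. All function names are hypothetical, the query is constructed sample data, and the query is assumed to carry one question and no EDNS0 record.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QR, TC, RD, OPCODE_MASK = 0x8000, 0x0200, 0x0100, 0x7800

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [label.encode("ascii") for label in name.rstrip(".").split(".")]
    return b"".join(bytes([len(raw)]) + raw for raw in labels) + b"\x00"

def build_query(qid, name, qtype=255):
    """Constructed sample query: one question, type ANY (255), class IN, RD set."""
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return HEADER.pack(qid, RD, 1, 0, 0, 0) + question

def question_end(msg):
    """Return the offset just past the first question, rejecting malformed input."""
    pos = HEADER.size
    while True:
        if pos >= len(msg):
            raise ValueError("question runs past end of message")
        length = msg[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected pointer or label type in question")
        pos += 1 + length
    pos += 1 + 4  # root label, then QTYPE and QCLASS
    if pos > len(msg):
        raise ValueError("question runs past end of message")
    return pos

def minimal_truncated_reply(query):
    """Server side (step 3): echo only the question, all record counts zero, TC=1."""
    qid, flags, qdcount, _, _, _ = HEADER.unpack_from(query)
    if flags & QR or qdcount != 1:
        raise ValueError("expected a query with exactly one question")
    end = question_end(query)
    reply_flags = QR | TC | (flags & (OPCODE_MASK | RD))  # copy opcode and RD
    return HEADER.pack(qid, reply_flags, 1, 0, 0, 0) + query[HEADER.size:end]

def needs_tcp_retry(reply):
    """Client side (step 4): a reply with TC set is discarded and retried over TCP."""
    return bool(HEADER.unpack_from(reply)[1] & TC)

if __name__ == "__main__":
    reply = minimal_truncated_reply(build_query(0x1234, "www.mydomain.com"))
    print(len(reply), "bytes, retry over TCP:", needs_tcp_retry(reply))
```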