Hi Marc, you are right saying "When it's possible..." But I want to address the situation when the DNS server is made to limit responses to 512 bytes (i.e. for bind server parameter udp-max-size 512) and the answer is bigger. (Imagine I have a big TXT record for example.)

As bind up to version 9.9.1-P1 gives a partial answer in this case (filling the reply packet up to 512 bytes and setting the TC bit), is there any configuration to obtain a response packet with omitted "answer" and "authority" and, unless an additional record is specified by the query packet, i.e. setting EDNS0, "additional" parts? The behaviour I observed is not what you said is stated in the DNSSEC-related RFCs (but I'm not just talking about DNSSEC), even if I would like it to have been like that.

Regards,
Sebastiano

On Wed, Jun 27, 2012 at 2:10 PM, Marc Lampo <marc.la...@eurid.eu> wrote:
> Hello,
>
> Several RFCs on DNS do state that name servers (not only Bind) should
> avoid, if possible, sending messages that would require the TC bit set in the
> reply.
> Replies can stay shorter if some sections (authority/additional) are not
> included in the reply.
> I know for sure that DNSSEC-related RFCs explicitly state to leave the
> authority/additional section empty if filling them would lead to the
> answer becoming too big and requiring the TC bit to be set.
> --> it is not a configuration setting, it's RFC defined.
>
>
> Kind regards,
>
> Marc Lampo
> Security Officer
> EURid (for .eu)
>
>
> -----Original Message-----
> From: Sebastiano Di Paola [mailto:sebastiano.dipa...@gmail.com]
> Sent: 27 June 2012 10:43 AM
> To: bind-users@lists.isc.org
> Subject: Truncated DNS message over UDP
>
> Hello everyone,
> before sending this email I tried to do some searches on this topic, but no
> luck so far...so before bothering bind-workers here's my question.
>
> I was wondering if a configuration option exists in order to force bind
> server to send a "minimal (from size and number of returned records point
> of view)" response in case the truncated bit is set in the header.
>
> Let me explain better...
> 1) Client asks for "www.mydomain.com" type ANY to my server (RD bit is
> set)
> 2) Server gets the response (does not matter if from cache or not) but the
> answer is bigger than 512 bytes (or the server has the udp-max-size 512
> parameter in configuration)
> 3) Server sends the answer with TC bit = 1, but instead of giving a partial
> response the header is like this: QDCOUNT = 1, ANCOUNT = 0, NSCOUNT = 0,
> ADDITIONAL = 0 (if there is no EDNS0 in the query) and just sends back the
> question section.
> 4) Client (if needed) re-does the query using TCP (some clients do not use
> records contained in packets with TC bit set in the header)
>
> If I'm not wrong, RFCs do not state that a partial answer must be returned
> to the client, so probably there is no issue in getting rid of them (with
> a configuration option :) )
>
> Is there any parameter that could let me achieve this result?
> Kind regards.
> Seba

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
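The two reply shapes discussed in the thread, as an added example (not code from the list posts or from BIND): building the "question only" truncated reply Sebastiano asks for in step 3 (TC=1, QDCOUNT=1, all other counts 0) from a constructed query, and the client-side check from step 4 that treats any TC=1 reply as incomplete, whether it carries partial records or not. Names and the sample query are assumptions made here.

```python
import struct

# Added example, not BIND code. Wire format per RFC 1035: 12-byte header,
# then a question section of QNAME (labels) + QTYPE + QCLASS.

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype, txid=0x1234, rd=True):
    """Constructed sample query: one question, RD bit optional, no EDNS0."""
    flags = 0x0100 if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN

def question_end(msg, offset=12):
    """Offset just past the first question (name + QTYPE + QCLASS)."""
    while True:
        length = msg[offset]
        if length == 0:              # end of name
            return offset + 1 + 4
        if length & 0xC0:            # compression pointer (2 bytes)
            return offset + 2 + 4
        offset += 1 + length

def minimal_truncated_reply(query):
    """Reply as in step 3: QR=1, TC=1, RD copied from the query, only the
    question echoed, no answer/authority/additional records at all."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        raise ValueError("single-question messages only")
    reply_flags = 0x8000 | 0x0200 | (flags & 0x0100)  # QR | TC | RD
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def classify_reply(reply):
    """Client view (step 4): a TC=1 reply is incomplete and must be re-asked
    over TCP, regardless of how many records it happens to carry."""
    _, flags, _, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x0200:
        return "complete"
    return "truncated-question-only" if an + ns + ar == 0 else "truncated-partial"
```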