In message <20121205125024.gc11...@fantomas.sk>, Matus UHLAR - fantomas writes: > >> On 28.11.12 18:38, Tony Finch wrote: > >>> Yes it does. For example, have a look at responses to queries for > >>> dotat.at > >>> in mx for various buffer sizes and observe that RRsets are dropped but > >>> the > >>> TC bit is not set. > > >On 11/30/2012 01:30 PM, Matus UHLAR - fantomas wrote: > >> Nice to see. I'm seeing recommendations to set minimal-responses to avoid > >> truncation problem anywhere and I'd like to have documented somewhere that > >> it just won't help... > > On 03.12.12 09:41, Gilles Massen wrote: > >Truncation happens only if the ANSWER section is too large, and as > >minimal-responses only affects AUTHORITY and ADDITIONAL the effect on > >truncation should be null. > > I'm curious if there's any case where the AUTHORITY section is needed to > proper function of DNS. I think I've seen reports about truncaetd responses > with AUTHORITY section added ... maybe intermediate firewall or > loadbalancer truncating them...
Yes. Referrals. Additionally the additional section records are not optional in a referral. Records added at step 6 of Section 4.3.2. of RFC 1034 are optional. Records added to the additional section at other steps are not optional. There have been demonstated cases of referrals failing due to not adding glue records in a referral. Named will produce responses with TC=1 as a result of not being able to add records to the additional section. Every referral from the root servers to COM or NET using plain DNS should result in TC=1 being set. > >For UPD fragmentation it is an entirely different matter, of course. But > >should default settings really be optimized to accomodate broken firewalls? > > default or non-default, if weare behind firewall or loadbalancer, we should > know when they cause troubles. > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Enter any 12-digit prime number to continue. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
