Hello Mukund,

On Fri, May 06, 2016 at 07:01:22PM +0530, Mukund Sivaraman wrote:
> These queries are sent by 81.209.177.155 to 192.12.94.30 with UDP
> payload size set to 512. This caused the reply to be truncated:
>
> [muks@jurassic ~]$ dig +bufsize=512 +dnssec @192.12.94.30 -t A foaf-search.net.
> ;; Truncated, retrying in TCP mode.
>
> Why is the UDP payload size advertised as 512? Some previous timeout or
> configuration caused it to be so. Check earlier logs.

I cannot find the cause. My dump covers ca. 8 hours with 11 UDP requests to 192.12.94.30 and all have UDPsize=512.

But I just did a few tests with the isc.org name servers and UDPsize is successfully increased to 4096 after the initial default of 512:

17:08:53.982931 IP (tos 0x0, ttl 64, id 23755, offset 0, flags [none], proto UDP (17), length 69)
    81.209.177.155.47866 > 199.254.63.254.53: [bad udp cksum 0x0bac -> 0x43fa!] 30601 [1au] A? www5.isc.org. ar: . OPT UDPsize=4096 OK (41)
17:08:53.995468 IP (tos 0x0, ttl 58, id 63088, offset 0, flags [none], proto UDP (17), length 723)
    199.254.63.254.53 > 81.209.177.155.47866: [udp sum ok] 30601 NXDomain*- q: A? www5.isc.org. 0/6/1 ns: isc.org. [1h] SOA ns-int.isc.org. hostmaster.isc.org. 2016050401 7200 3600 24796800 3600, isc.org. [1h] RRSIG, isc.org. [1h] NSEC, isc.org. [1h] RRSIG, www-test.isc.org. [1h] NSEC, www-test.isc.org. [1h] RRSIG ar: . OPT UDPsize=4096 OK (695)

I discovered 7 free UDP ports above 1023 that were blocked by iptables on that host. This caused ca. 1-2 UDP replies to bind to be blocked per day. After my upgrade to bind 9.10.4 (when the problems started), no UDP reply from 192.12.94.30 was blocked and no EDNS related messages from bind can be found in the syslog.

> Try querying the
> TLD NS directly with +bufsize=4096 to see if there are any issues in
> getting replies to your network.

This works:

17:23:18.933075 IP (tos 0x0, ttl 64, id 47659, offset 0, flags [none], proto UDP (17), length 72)
    81.209.177.155.38738 > 192.12.94.30.53: [bad udp cksum 0x21dd -> 0x5e85!] 53886+ [1au] A? foaf-search.net. ar: . OPT UDPsize=4096 OK (44)
17:23:18.967569 IP (tos 0x0, ttl 52, id 28309, offset 0, flags [none], proto UDP (17), length 604)
    192.12.94.30.53 > 81.209.177.155.38738: [udp sum ok] 53886- q: A? foaf-search.net. 0/6/1 ns: foaf-search.net. [2d] NS ns.netestate.de., foaf-search.net. [2d] NS ns1.netestate.de., A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. [1d] Type50, A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. [1d] RRSIG, MI79E5R1F40QCUPOIBCU93AR486VI70V.net. [1d] Type50, MI79E5R1F40QCUPOIBCU93AR486VI70V.net. [1d] RRSIG ar: . OPT UDPsize=4096 OK (576)

cu,
brunni

--
++ Michael Brunnbauer
++ netEstate GmbH
++ Geisenhausener Straße 11a
++ 81379 München
++ Tel +49 89 32 19 77 80
++ Fax +49 89 32 19 77 89
++ E-Mail bru...@netestate.de
++ http://www.netestate.de/
++
++ Registered office: München, HRB Nr.142452 (Handelsregister B München)
++ VAT ID DE221033342
++ Managing directors: Michael Brunnbauer, Franz Brunnbauer
++ Authorized signatory: Dipl. Kfm. (Univ.) Markus Hendel
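
Added example, not part of the original message: one way to scan a capture like the one discussed above for servers to which the resolver only ever advertises a 512-byte EDNS UDP size. The function names and the sample lines are assumptions constructed for illustration, modelled on the tcpdump output quoted in the message.

```python
import re
from collections import defaultdict

# "src.port > dst.port:" pair and the OPT pseudo-record as tcpdump prints them.
FLOW = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")
OPT = re.compile(r"OPT UDPsize=(\d+)")

# Constructed sample lines (not from the original capture); IP header details omitted.
SAMPLE = [
    "17:08:50.100000 IP 81.209.177.155.40001 > 199.254.63.254.53: 30600 [1au] A? www5.isc.org. ar: . OPT UDPsize=512 OK (41)",
    "17:08:50.120000 IP 199.254.63.254.53 > 81.209.177.155.40001: 30600 NXDomain*- q: A? www5.isc.org. 0/1/1 ar: . OPT UDPsize=4096 OK (120)",
    "17:08:53.900000 IP 81.209.177.155.40002 > 199.254.63.254.53: 30601 [1au] A? www5.isc.org. ar: . OPT UDPsize=4096 OK (41)",
    "17:10:01.000000 IP 81.209.177.155.40003 > 192.12.94.30.53: 11111 [1au] A? foaf-search.net. ar: . OPT UDPsize=512 OK (44)",
    "17:40:02.000000 IP 81.209.177.155.40004 > 192.12.94.30.53: 11112 [1au] A? foaf-search.net. ar: . OPT UDPsize=512 OK (44)",
]

def advertised_sizes(lines, resolver):
    """Map each remote server to the EDNS UDP sizes `resolver` advertised to it."""
    sizes = defaultdict(list)
    for line in lines:
        flow = FLOW.search(line)
        if not flow:
            continue  # header line of a two-line tcpdump -v record, or noise
        src, _sport, dst, dport = flow.groups()
        if src != resolver or dport != "53":
            continue  # keep only queries leaving the resolver
        opt = OPT.search(line)
        # A query without an OPT record is plain DNS: 512 bytes over UDP.
        sizes[dst].append(int(opt.group(1)) if opt else None)
    return dict(sizes)

def stuck_at_512(sizes):
    """Servers for which every query advertised 512 bytes or carried no OPT."""
    return sorted(
        server for server, seen in sizes.items()
        if all(size is None or size <= 512 for size in seen)
    )

if __name__ == "__main__":
    per_server = advertised_sizes(SAMPLE, "81.209.177.155")
    for server, seen in per_server.items():
        print(server, seen)
    print("never above 512:", stuck_at_512(per_server))
```
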
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users