> On 21 Mar 2020, at 04:22, Bob Harold <rharo...@umich.edu> wrote:
> 
> Do you know why the OS is having a problem?  It just occurs to me that the 
> problem might be that the result does not fit in a UDP packet (without 
> EDNS?) and the fallback to TCP is not working.  Can you try 'dig ...' and 
> 'dig +tcp ...' on that OS to see if both are working?  If it is a DNS TCP 
> issue, there might be a solution in fixing firewalls/acls/iptables or such.

It will almost always be the CPE not implementing DNS over TCP if it is a home 
user.  Stub resolvers fall back to TCP but if the CPE device doesn’t implement 
DNS over TCP the lookup will fail.  Replacing the CPE with a working CPE or 
reducing the number of records in the response is the workaround for this.  I 
would be claiming the cost of the CPE devices back from the 
manufacturer/retailer as they are not fit for purpose.

If the stub resolver does EDNS then there are CPE devices which don’t adjust 
the OPT record to match the minimum of the CPE's UDP buffer size and the UDP 
buffer size in the request and just pass through the request; this results in 
truncated UDP responses being returned to the client.  Adjusting the advertised 
UDP buffer size in the EDNS request should work around this.  Worst case you 
drop it to 512 bytes.

Now each additional A record takes 16 bytes to transmit (compression 
pointer(2), type(2), class(2), ttl(4), rdlen(2), data(4)) so with 30 A records 
you are looking at 480 bytes minimum + the query section + the header + the 
authority section.  Turning on minimal responses will help if not already 
enabled.

Mark

> -- 
> Bob Harold
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
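
The size arithmetic in the message above, as an added example that is not part of the original message or of BIND: it builds an A-record response on the wire and checks it against the UDP limit in effect. The name `www.example.com`, the 192.0.2.x addresses, the TTL and the empty authority section (minimal responses) are constructed assumptions, and truncation is simplified to "header + question with TC set".

```python
import ipaddress
import struct

QR_FLAG = 0x8000   # response bit in the header flags
TC_FLAG = 0x0200   # truncation bit: client should retry over TCP
# One compressed A record: pointer(2) type(2) class(2) ttl(4) rdlen(2) data(4)
A_RR = struct.Struct("!HHHIH4s")

# Constructed sample data: 30 addresses from the documentation range.
SAMPLE_ADDRS = [f"192.0.2.{i}" for i in range(1, 31)]

def encode_name(name):
    """Encode a name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, addrs, udp_limit=512, edns=False):
    """Return (wire, truncated) for an A query answered with addrs.

    udp_limit is the payload size in effect: 512 without EDNS, otherwise
    the smallest buffer size advertised along the path.
    """
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Owner name is a compression pointer (0xC00C) to the question at offset 12.
    answers = b"".join(
        A_RR.pack(0xC00C, 1, 1, 300, 4, ipaddress.IPv4Address(a).packed)
        for a in addrs)
    # Empty OPT record: root name, type 41, class = UDP payload size.
    opt = struct.pack("!BHHIH", 0, 41, udp_limit, 0, 0) if edns else b""

    def header(flags, ancount):
        return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 1 if edns else 0)

    full = header(QR_FLAG, len(addrs)) + question + answers + opt
    if len(full) <= udp_limit:
        return full, False
    # Too big for UDP: send no answers and set TC (simplified model).
    return header(QR_FLAG | TC_FLAG, 0) + question + opt, True

def max_a_records(qname, udp_limit=512, edns=False):
    """How many A records fit in one UDP response for this name."""
    fixed = 12 + len(encode_name(qname)) + 4 + (11 if edns else 0)
    return (udp_limit - fixed) // A_RR.size

if __name__ == "__main__":
    for limit, edns in ((512, False), (1232, True)):
        wire, tc = build_response("www.example.com", SAMPLE_ADDRS, limit, edns)
        print(f"limit={limit} edns={edns} size={len(wire)} TC={tc} "
              f"max_A={max_a_records('www.example.com', limit, edns)}")
```

If TCP fallback is broken on the path, the TC=1 case is the one that fails for the client.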
