The permanent fix of for PowerDNS to follow the DNS protocol and make the query
over TCP.
They have a choice of solutions. Just make a TCP query and make a second TCP
query for the XFR. Make a TCP query and then the XFR if required over the same
TCP connection.
--
Mark Andrews
> On 19 No
Hi Bob,
On Fri, Nov 18, 2022 at 07:20:22AM -0500, Bob McDonald wrote:
> The size of the TCP packets is a problem. You might also look at
> minimal-responses.
The issue seems to be that an SOA query response for this DNSSEC-signed
zone is 2293 bytes, and PowerDNS can not yet retry that SOA query o
Under certain circumstances, DNS zones representing Windows Active
Directory domains can have rather large numbers of NS records if there
are/were DCs running DNS. This can happen in any DNS zone with a large
number of secondary DNS servers.
The size of the TCP packets is a problem. You might also
The default EDNS0 buffer size has changed to 1232, how big is the response when
you use dig?
Perhaps increasing the edns buffer sizes would be a way out?
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside
On Fri, Nov 18, 2022 at 01:14:27AM +, Andy Smith wrote:
> What happens is that a NOTIFY is sent out, PowerDNS sees it and queries
> for SOA and logs this:
>
> Nov 18 00:25:26 daiquiri pdns_server[32452]: While checking domain freshness:
> Query to '2001:ba8:1f1:f085::53' for SOA of
> 'f.4.1.
On Fri, Nov 18, 2022 at 01:14:27AM +, Andy Smith wrote:
> Attached is empty-soa.txt, the text dump of the pcap of 4 packets. It
> shows:
Really attached now…
No. Time SourceDestination Protocol
Length Info
1 0.00 85.119.80.222 17
6 matches
Mail list logo
