Truncated DNS message over UDP
marc.lampo at eurid.eu
Wed Jun 27 12:10:06 UTC 2012
Several RFCs on DNS do state that name servers (not only BIND) should
if possible, to send messages that would require the TC bit set in the
Replies can stay shorter if some sections (authority/additional) are
included in the reply.
I know for sure that DNSSEC related RFCs explicitly state to leave
authority/additional section empty if filling them would lead to the
answer becoming too big and requiring the TC bit to be set.
--> it is not a configuration setting, it's RFC defined.
EURid (for .eu)
From: Sebastiano Di Paola [mailto:sebastiano.dipaola at gmail.com]
Sent: 27 June 2012 10:43 AM
To: bind-users at lists.isc.org
Subject: Truncated DNS message over UDP
before sending this email I tried to do some searches on this topic, but no
luck so far...so before bothering bind-workers here's my question
I was wondering if a configuration option exists in order to force bind
server to send a "minimal (from size and number of returned record point
of view)" response in case the truncated bit is set in the header.
Let me explain better...
1) Client asks for "www.mydomain.com" type ANY to my server (RD bit is
2) Server gets the response (does not matter if from cache or not) but the
answer is bigger than 512 bytes (or the server has udp-max-size
512 parameter in configuration)
3) Server sends answer with TC bit = 1, but instead of giving partial
response header is like this QDCOUNT = 1, ANCOUNT = 0, NSCOUNT = 0,
ADDITIONAL=0 (if there is no EDNS0 in query) and just sent back the
4) Client (if needed) re-does the query using TCP (some clients do not use
records contained in packets with TC bit set in the header)
If I'm not wrong RFCs do not state that partial answer must be returned
to the client, so probably there is no issue in getting rid of them (with
a configuration option :) )
Is there any parameter that could let me achieve this result?
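
The minimal truncated reply described in step 3 above, and the client-side TC check from step 4, sketched in Python as an added example (not part of the original thread and not BIND's code). The function names, the query ID and the choice to copy only the opcode and RD bits into the reply are assumptions.

```python
import struct

QR_FLAG = 0x8000      # message is a response
OPCODE_MASK = 0x7800  # opcode bits, copied from the query
TC_FLAG = 0x0200      # truncation bit
RD_FLAG = 0x0100      # recursion desired, copied from the query

def build_query(name, qtype=255, qid=0x1234, rd=True):
    """Build a plain DNS query without EDNS0 (qtype 255 = ANY, class IN)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", qid, RD_FLAG if rd else 0, 1, 0, 0, 0)
    return header + qname + struct.pack("!2H", qtype, 1)

def question_end(msg):
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    off = 12
    while True:
        if off >= len(msg):
            raise ValueError("QNAME runs past end of message")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        off += length
    if off + 4 > len(msg):
        raise ValueError("QTYPE/QCLASS missing")
    return off + 4

def minimal_truncated_response(query):
    """Reply with TC=1, the question echoed back, and all record counts zero."""
    if len(query) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qdcount = struct.unpack("!3H", query[:6])
    if flags & QR_FLAG or qdcount != 1:
        raise ValueError("expected a query with exactly one question")
    rflags = QR_FLAG | TC_FLAG | (flags & OPCODE_MASK) | (flags & RD_FLAG)
    # QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!6H", qid, rflags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def must_retry_over_tcp(message):
    """Client-side check: TC set means the UDP reply is incomplete."""
    return bool(struct.unpack("!H", message[2:4])[0] & TC_FLAG)
```
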