ns_resp: TCP truncated

Barry Margolin barmar at bbnplanet.com
Thu Aug 26 14:43:07 UTC 1999


In article <199908261407.HAA18959 at neko.cts.com>,
Tony Harris <tharris at cts.com> wrote:
>Does anyone know what would cause the following message?
>
>Aug 26 02:41:50 ns named[26398]: ns_resp: TCP truncated:
>"rslhelp.radiusplc.co.uk" IN ANY

This means that your server tried performing that query, got a message with
the "truncated" flag set (which normally means that the answer is too big
for a 500-byte UDP response), so then it tried again using TCP, and it
*still* got a truncated response.

There seems to be a problem with the nameserver for the radiusplc.co.uk
domain.  It's returning an empty response with the truncated flag when you
perform an ANY query:

; <<>> DiG 2.2 <<>> rslhelp.radiusplc.co.uk any @ns0.radiusplc.co.uk +vc 
; (1 server found)
;; res options: init usevc recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa tc rd ra; Ques: 1, Ans: 0, Auth: 0, Addit: 0
;; QUESTIONS:
;;	rslhelp.radiusplc.co.uk, type = ANY, class = IN

;; Total query time: 348 msec
;; FROM: tools to SERVER: ns0.radiusplc.co.uk  62.232.34.253
;; WHEN: Thu Aug 26 10:31:49 1999
;; MSG SIZE  sent: 41  rcvd: 41

I tried a zone a zone transfer, and the following are the only records that
showed up for rslhelp:

rslhelp.radiusplc.co.uk.	43200	MX	10 mailserver3.radiusplc.co.uk.
rslhelp.radiusplc.co.uk.	43200	MX	5 mailserver2.radiusplc.co.uk.
rslhelp.radiusplc.co.uk.	43200	A	192.168.2.11

Interestingly, if you specifically ask for the MX records, you also get the
empty, truncated response:

; <<>> DiG 2.2 <<>> rslhelp.radiusplc.co.uk mx @ns0.radiusplc.co.uk 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa tc rd ra; Ques: 1, Ans: 0, Auth: 0, Addit: 0
;; QUESTIONS:
;;	rslhelp.radiusplc.co.uk, type = MX, class = IN

;; Total query time: 462 msec
;; FROM: tools to SERVER: ns0.radiusplc.co.uk  62.232.34.253
;; WHEN: Thu Aug 26 10:37:35 1999
;; MSG SIZE  sent: 41  rcvd: 41


>Another wierd thing is my nameserver does not host any co.uk domains 
>nor does it have any host records that contain that IP address.  

I don't see why that's weird.  These messages are about invalid responses
received when your server is performing recursive queries for your users,
and has nothing to do with the data you host.

>These TCP truncated messages started Aug 25th 01:03:04 and they have popped
>up in my named.log 233 times since then.  Another issue on this
>nameserver is the 
>CPU usage for named.  It has always run between 2% - 4% but starting on the 
>25th I have found it at 90%+ leaving the system at 0.0% idle.  By running
>an ndc restart
>it seems to go back down to normal for a while.  However, it occasionally
>jumps back
>up there.  Could these 2 events be related?

It seems too coincidental for it to be unrelated, but I'm not sure what the
cause would be.  Perhaps the client that's trying to access that name is
repeatedly querying for it, since it's not getting a valid response.  You
could turn on query logging to find out who's looking it up, and let them
know that the remote site has screwed up DNS servers and he should give up
on that application.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


More information about the bind-users mailing list