TCP truncated?

Jay C Austad JCA at
Mon Mar 27 14:51:11 UTC 2000

It may be an F5 ( 3DNS system.  To route clients to the closest server (or cluster), it will attempt to do a zone xfer from the nameserver that requests an ip from it.  It kills the TCP session after it recieves some data and doesn't let the zone xfer finish.

We use a 3DNS, and get some complaints once in awhile.  It's not malicious, but if it bothers you, just block the ip.  However, people using your nameserver will not be able to look up any hosts on domains that are authoritative on that particular 3DNS.


-----Original Message-----
From: Jeroen Ruigrok van der Werven [mailto:asmodai at]
Sent: Monday, March 27, 2000 6:11 AM
To: Bind Users
Subject: TCP truncated?

Can someone with more in-depth knowledge of the BIND source code please
tell me what this means?

Mar 27 14:04:54 hel named[78358]: ns_resp: TCP truncated:
"" IN PTR from [].53

It seemingly only started today.

I am curious why they are using a TCP session for the NS stuff.

I am inclined to blackhole route this IP address since it goes on and

Thanks for any indication on what this is...

Jeroen Ruigrok van der Werven          Network- and systemadministrator
<asmodai at>                      VIA NET.WORKS The Netherlands
BSD: Technical excellence at its best
I know you have tried, to feel...

More information about the bind-users mailing list