FW: BIND limits and performance questions
brad.knowles at skynet.be
Fri Mar 23 18:18:46 UTC 2001
At 9:37 AM -0800 3/23/01, Morris Balamut wrote:
>>> Once you break that 512-byte limit for something as fundamental
>>> as the RRset for the NS records, all holy hell will break loose
>>> (which is why there aren't any more than thirteen root nameservers).
> Could you kindly explain what "all holy hell will break loose" means.
> What actually happens and why is that bad?
It's called "truncation". Damn few applications I know of
actually handle truncation correctly, and in the case of something
like Internet e-mail may simply refuse to send mail to the domain.

In theory, what happens is the resolver library in question is
supposed to look at where the truncation occurs, and if it's in the
"AUTHORITY" section, it throws away the entire set of results and
re-tries the query using TCP (this is why blocking TCP port 53 is a
really, really bad idea). Once the query is retried with TCP, it
takes the expanded data and feeds that back to the application, but
many applications don't reserve enough space in their data structures
to hold that much, and a lot of the information is lost anyway.

If the truncation occurs in the "ADDITIONAL" section, then it
passes the information up to the application, and the application may
choose to re-try the query using a "virtual circuit" (i.e., with TCP).

In any event, suffice it to say that many programs simply flake
out in the face of truncation, and you really need to make certain
you do everything you possibly can to ensure that you never cause
truncation in any form.
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne's/\.//;print pack("H124",$1)if(/^x([^\.]*)/)'
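
The 512-byte limit and the TC bit discussed in the message above, as an added example that is not part of the original post: it builds an NS response with glue in DNS wire format, measures it against the UDP limit, and shows the resolver-side check that triggers a TCP retry. The server names, addresses, query ID and the header-plus-question truncation strategy are constructed assumptions.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit (no EDNS0)
TC_FLAG = 0x0200  # TC (truncated) bit in the header flags word

def encode_name(name, offsets, pos):
    """Encode a name written at message offset pos, pointing at any suffix
    already in the message (offsets: lower-cased suffix -> offset)."""
    labels = [l for l in name.split(".") if l]
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in offsets:  # compression pointer: 2 bytes instead of the labels
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x4000:  # pointers only carry 14-bit offsets
            offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def add_rr(msg, owner, rtype, make_rdata, offsets):
    """Append one class-IN RR; make_rdata(pos) gets the offset of its RDATA."""
    msg.extend(encode_name(owner, offsets, len(msg)))
    rdata = make_rdata(len(msg) + 10)  # 10 = type + class + TTL + RDLENGTH
    msg.extend(struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata)

def ns_response(zone, servers, limit=UDP_LIMIT):
    """Answer 'zone NS?' with the NS RRset plus glue A records.
    Returns (udp_wire_bytes, full_size_before_truncation)."""
    offsets, n = {}, len(servers)
    msg = bytearray(struct.pack("!6H", 0x1234, 0x8400, 1, n, 0, n))
    msg.extend(encode_name(zone, offsets, len(msg)) + struct.pack("!HH", 2, 1))
    question_end = len(msg)
    for ns, _ in servers:    # ANSWER section: the NS RRset
        add_rr(msg, zone, 2, lambda p, ns=ns: encode_name(ns, offsets, p), offsets)
    for ns, ip in servers:   # ADDITIONAL section: glue A records
        add_rr(msg, ns, 1, lambda p, ip=ip: bytes(map(int, ip.split("."))), offsets)
    if len(msg) <= limit:
        return bytes(msg), len(msg)
    # Simplification (assumption): too big for UDP, send header + question with TC set.
    head = struct.pack("!6H", 0x1234, 0x8400 | TC_FLAG, 1, 0, 0, 0)
    return head + bytes(msg[12:question_end]), len(msg)

def needs_tcp_retry(wire):
    """Resolver side: TC set means discard this answer and re-ask over TCP."""
    return bool(struct.unpack("!H", wire[2:4])[0] & TC_FLAG)

# Constructed sample data: 13 names sharing one suffix vs. 13 that do not.
COMPACT = [(f"{c}.root-servers.net", f"192.0.2.{i}") for i, c in enumerate("abcdefghijklm", 1)]
SPREAD = [(f"ns{i:02d}.long-provider-name-{i:02d}.net", f"198.51.100.{i}") for i in range(1, 14)]
```

Thirteen names under one shared suffix compress well enough to fit in a single UDP message, while thirteen names that share only a TLD push the same RRset past 512 bytes and force every resolver onto the TCP path.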