Timeouts
Mark Andrews
Mark_Andrews at isc.org
Thu Jul 26 23:08:15 UTC 2007
> I read an earlier post regarding 512 bytes and timeouts:
>
> > > Ok, so I have a few DNS servers behind some PIX firewalls. The PIX IOS
> > > does not support the "fixup protocol dns" command, and we are getting a
> > > response from a DNS server which is 554 bytes.
> > >
> > > I understand the obvious fix for this problem... upgrade the PIX.
> > >
> > > But as a temp fix, is it possible to have BIND send out a TCP query only
> > > for this one zone we are having the issue with?
>
>
> > Hm I would try the option setting
> > edns-udp-size 512;
> > to limit the size of udp packets that bind can send out.
>
>
>
> max-udp-size controls what the server will send.
> edns-udp-size controls what the server advertises it can accept.
>
> edns-udp-size <integer>;
> max-udp-size <integer>;
>
>
>
> I am using BIND 9.3.1

Note max-udp-size is a 9.4 option, not a 9.3 option.

drugs:cvs 09:05 {303} % grep udp 9.[43].x/doc/misc/options
9.3.x/doc/misc/options: avoid-v4-udp-ports { <port>; ... };
9.3.x/doc/misc/options: avoid-v6-udp-ports { <port>; ... };
9.3.x/doc/misc/options: edns-udp-size <integer>;
9.3.x/doc/misc/options: edns-udp-size <integer>;
9.4.x/doc/misc/options: avoid-v4-udp-ports { <port>; ... };
9.4.x/doc/misc/options: avoid-v6-udp-ports { <port>; ... };
9.4.x/doc/misc/options: edns-udp-size <integer>;
9.4.x/doc/misc/options: max-udp-size <integer>;
9.4.x/doc/misc/options: edns-udp-size <integer>;
9.4.x/doc/misc/options: max-udp-size <integer>;
9.4.x/doc/misc/options: edns-udp-size <integer>;
9.4.x/doc/misc/options: max-udp-size <integer>;
9.4.x/doc/misc/options: edns-udp-size <integer>;
9.4.x/doc/misc/options: max-udp-size <integer>;
drugs:cvs 09:05 {304} %
>
> I try to use the option, but it complains:
>
> Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.error] /opt/mps/data/dnspic/named.conf:5: unknown option 'max-udp-size'
> Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.crit] loading configuration: failure
> Jul 26 15:59:39 ptclvsdns2 named[12440]: [ID 866145 daemon.crit] exiting (due to fatal error)
>
> Is this incorrect syntax?
>
> bash-2.05# pg named.conf
> options {
> directory "/opt/mps/data/dnspic";
> pid-file "/opt/mps/data/dnspic/named.pid";
> port 53;
> max-udp-size 512;
> };
>
>
> The issue I am facing is that we have one DNS running BIND 8 and it has
> no problems.
>
> This DNS I upgraded to BIND 9.3.1 and it works fine, except that I get
> timeouts when I try to resolve a query to a single forwarder. All other
> queries work fine. I am sure there is something at the far end, most
> likely due to the fact that packets in BIND 9 are slightly larger than
> BIND 8, correct???? The far side has been uncooperative in my attempts
> to fix this, so I am trying anything.
>
> Here is a query done on the old BIND 8 server:
>
> > plmndns01.mnc380.mcc310.gprs
> Server: ptclvsdns1.nmplateaugsm.com
> Address: 172.23.192.75
>
> ;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 46
> HEADER:
> opcode = QUERY, id = 58563, rcode = NOERROR
> header flags: query, want recursion
> questions = 1, answers = 0, authority records = 0, additional = 0
>
> QUESTIONS:
> plmndns01.mnc380.mcc310.gprs, type = A, class = IN
>
> ------------
> ------------
> Got answer (170 bytes):
> HEADER:
> opcode = QUERY, id = 58563, rcode = NOERROR
> header flags: response, want recursion, recursion avail.
> questions = 1, answers = 1, authority records = 6, additional = 0
>
> QUESTIONS:
> plmndns01.mnc380.mcc310.gprs, type = A, class = IN
> ANSWERS:
> -> plmndns01.mnc380.mcc310.gprs
> type = A, class = IN, dlen = 4
> internet address = 209.183.42.245
> ttl = 102 (102)
> AUTHORITY RECORDS:
> -> (root)
> type = NS, class = IN, dlen = 7
> nameserver = dnsc.gprs
> ttl = 229087 (229087)
> -> (root)
> type = NS, class = IN, dlen = 7
> nameserver = dnsd.gprs
> ttl = 229087 (229087)
> -> (root)
> type = NS, class = IN, dlen = 7
> nameserver = dnse.gprs
> ttl = 229087 (229087)
> -> (root)
> type = NS, class = IN, dlen = 7
> nameserver = dnsf.gprs
> ttl = 229087 (229087)
> -> (root)
> type = NS, class = IN, dlen = 7
> nameserver = dnsa.gprs
> ttl = 229087 (229087)
> -> (root)
> type = NS, class = IN, dlen = 7
> nameserver = dnsb.gprs
> ttl = 229087 (229087)
>
> ------------
> Non-authoritative answer:
> Name: plmndns01.mnc380.mcc310.gprs
> Address: 209.183.42.245
>
> >
>
> And the same query done from the BIND 9 server:
>
> > plmndns01.mnc380.mcc310.gprs
> Server: ptclvsdns2.nmplateaugsm.com
> Address: 172.23.192.74
>
> ;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 46
> HEADER:
> opcode = QUERY, id = 521, rcode = NOERROR
> header flags: query, want recursion
> questions = 1, answers = 0, authority records = 0, additional = 0
>
> QUESTIONS:
> plmndns01.mnc380.mcc310.gprs, type = A, class = IN
>
> ------------
> timeout
> timeout
> SendRequest failed
> ;; res_nmkquery(QUERY, plmndns01.mnc380.mcc310.gprs., IN, A)
> ------------
> SendRequest(), len 46
> HEADER:
> opcode = QUERY, id = 522, rcode = NOERROR
> header flags: query, want recursion
> questions = 1, answers = 0, authority records = 0, additional = 0
>
> QUESTIONS:
> plmndns01.mnc380.mcc310.gprs, type = A, class = IN
>
> ------------
> timeout
> ------------
> Got answer (46 bytes):
> HEADER:
> opcode = QUERY, id = 522, rcode = SERVFAIL
> header flags: response, want recursion, recursion avail.
> questions = 1, answers = 0, authority records = 0, additional = 0
>
> QUESTIONS:
> plmndns01.mnc380.mcc310.gprs, type = A, class = IN
>
> ------------
> *** ptclvsdns2.nmplateaugsm.com can't find plmndns01.mnc380.mcc310.gprs: Server failed
> >
>
> Any suggestions??
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
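
Added example, not part of the original message or of BIND: a sketch of where the two sizes in this thread live on the wire. The size that edns-udp-size advertises travels in the CLASS field of the EDNS0 OPT record, and a responder caps its UDP reply at the smaller of that value and its own limit (max-udp-size in 9.4). The function names and the 4096 default are assumptions made for illustration; the parser only handles queries built by this block.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qid, edns_udp_size=None):
    """Build an A/IN query; append an EDNS0 OPT record if a size is given."""
    arcount = 1 if edns_udp_size is not None else 0
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_udp_size is not None:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg

def advertised_udp_size(msg):
    """Return the UDP payload size a query advertises (512 when no OPT)."""
    qd, _an, _ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        while msg[pos] != 0:          # walk the labels of the question name
            pos += msg[pos] + 1
        pos += 1 + 4                  # root byte, QTYPE, QCLASS
    # Queries built above carry no answer/authority records, so any OPT is next.
    if ar and msg[pos] == 0:
        rtype, rclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
        if rtype == 41:
            return rclass
    return 512

def fits_in_udp(response_len, query, server_max_udp=4096):
    """True if a responder may send response_len bytes over UDP untruncated.

    server_max_udp stands in for the responder's own cap (assumed default).
    """
    return response_len <= min(advertised_udp_size(query), server_max_udp)
```

With the name from the debug output above, the plain query is 46 bytes, the same length nslookup reports, and the OPT record adds 11 bytes to it.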