Adjusting edns udp timeout values
Aliet Santiesteban Sifontes
alietsantiesteban at gmail.com
Mon Aug 25 18:24:19 UTC 2008
I'm trying to make work edns in our setup, using rhel 5.2 bind 9.5.0P2
but I'm getting edns timeouts in all the request and this disables de
use of this protocol, I'm sure I have no firewall problems, since I'm
directly connected to the net to do this tests, I use a sattellite
link, and maybe this is the reason for so many timeouts, I was
wondering if is possible to increase the timeout of a edns requests,
and how this mechanism works, what's the exact value for bind shut a
timeout, is this value configurable??
Here I sent a dig output:
[root at ns1-new ~]# dig @localhost +dnssec se +trace
; <<>> DiG 9.5.0-P2 <<>> @localhost +dnssec se +trace
; (1 server found)
;; global options: printcmd
. 516538 IN NS H.ROOT-SERVERS.NET.
. 516538 IN NS J.ROOT-SERVERS.NET.
. 516538 IN NS F.ROOT-SERVERS.NET.
. 516538 IN NS I.ROOT-SERVERS.NET.
. 516538 IN NS C.ROOT-SERVERS.NET.
. 516538 IN NS G.ROOT-SERVERS.NET.
. 516538 IN NS L.ROOT-SERVERS.NET.
. 516538 IN NS K.ROOT-SERVERS.NET.
. 516538 IN NS E.ROOT-SERVERS.NET.
. 516538 IN NS M.ROOT-SERVERS.NET.
. 516538 IN NS B.ROOT-SERVERS.NET.
. 516538 IN NS A.ROOT-SERVERS.NET.
. 516538 IN NS D.ROOT-SERVERS.NET.
;; Received 599 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
se. 172800 IN NS A.NS.se.
se. 172800 IN NS B.NS.se.
se. 172800 IN NS C.NS.se.
se. 172800 IN NS D.NS.se.
se. 172800 IN NS E.NS.se.
se. 172800 IN NS F.NS.se.
se. 172800 IN NS G.NS.se.
se. 172800 IN NS H.NS.se.
se. 172800 IN NS I.NS.se.
;; Received 378 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 546 ms
se. 7200 IN SOA
catcher-in-the-rye.nic.se. registry-default.nic.se. 2008082508 1800
1800 2419200 7200
se. 7200 IN RRSIG SOA 5 1 172800
20080831011934 20080825161241 18048 se.
AQDQY5xWlXcEKa1dJlxGSwqXOgLa/3NXD/UAUcY9FTNCAwhmpDX/TNas
iv8hiG6yxT5EdA82mUBAWTFRmBCEZoLBI3rcLQCDXbqMUaRdtgrU8Mnn
zeckaLhUO3NXVka7mrTJ+M+3kM6+MlSnYIT2lGbJ/hMK9cIGwGTHxXVj jk8=
se. 7200 IN NSEC 0-0.se. NS SOA TXT
RRSIG NSEC DNSKEY
se. 7200 IN RRSIG NSEC 5 1 7200
20080831080758 20080824201241 18048 se.
nCJyif3G0EOFjCrFIsEacfVU8u5OXNqfS48tO9PT6/X9vZviGAz/fnGP
pTw0EVK5kdwsxjjCM/x/Vvn1JEjZTSyiyN7jCcc33OKkF96Un7K5ldmD
C99dFGKqXh758HnVRyimLKiwl+ogRgAEg/KUmkBTLkdVao2Dm5ogAK2P pko=
;; Received 460 bytes from 81.228.8.16#53(D.NS.se) in 678 ms
Here it works dnssec.
But in bind logs, is timeout, here I attache a capture file, wich shows the
More information about the bind-users
mailing list