Adjusting edns udp timeout values

Aliet Santiesteban Sifontes alietsantiesteban at gmail.com
Mon Aug 25 18:24:19 UTC 2008


I'm trying to make edns work in our setup, using rhel 5.2 bind 9.5.0P2,
but I'm getting edns timeouts in all the requests and this disables the
use of this protocol. I'm sure I have no firewall problems, since I'm
directly connected to the net to do these tests. I use a satellite
link, and maybe this is the reason for so many timeouts. I was
wondering if it is possible to increase the timeout of edns requests,
and how this mechanism works. What's the exact value at which bind
signals a timeout, and is this value configurable?
Here I send a dig output:

[root@ns1-new ~]# dig @localhost +dnssec se +trace

; <<>> DiG 9.5.0-P2 <<>> @localhost +dnssec se +trace
; (1 server found)
;; global options:  printcmd
.                       516538  IN      NS      H.ROOT-SERVERS.NET.
.                       516538  IN      NS      J.ROOT-SERVERS.NET.
.                       516538  IN      NS      F.ROOT-SERVERS.NET.
.                       516538  IN      NS      I.ROOT-SERVERS.NET.
.                       516538  IN      NS      C.ROOT-SERVERS.NET.
.                       516538  IN      NS      G.ROOT-SERVERS.NET.
.                       516538  IN      NS      L.ROOT-SERVERS.NET.
.                       516538  IN      NS      K.ROOT-SERVERS.NET.
.                       516538  IN      NS      E.ROOT-SERVERS.NET.
.                       516538  IN      NS      M.ROOT-SERVERS.NET.
.                       516538  IN      NS      B.ROOT-SERVERS.NET.
.                       516538  IN      NS      A.ROOT-SERVERS.NET.
.                       516538  IN      NS      D.ROOT-SERVERS.NET.
;; Received 599 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

se.                     172800  IN      NS      A.NS.se.
se.                     172800  IN      NS      B.NS.se.
se.                     172800  IN      NS      C.NS.se.
se.                     172800  IN      NS      D.NS.se.
se.                     172800  IN      NS      E.NS.se.
se.                     172800  IN      NS      F.NS.se.
se.                     172800  IN      NS      G.NS.se.
se.                     172800  IN      NS      H.NS.se.
se.                     172800  IN      NS      I.NS.se.
;; Received 378 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 546 ms

se.                     7200    IN      SOA     catcher-in-the-rye.nic.se. registry-default.nic.se. 2008082508 1800 1800 2419200 7200
se.                     7200    IN      RRSIG   SOA 5 1 172800 20080831011934 20080825161241 18048 se. AQDQY5xWlXcEKa1dJlxGSwqXOgLa/3NXD/UAUcY9FTNCAwhmpDX/TNas iv8hiG6yxT5EdA82mUBAWTFRmBCEZoLBI3rcLQCDXbqMUaRdtgrU8Mnn zeckaLhUO3NXVka7mrTJ+M+3kM6+MlSnYIT2lGbJ/hMK9cIGwGTHxXVj jk8=
se.                     7200    IN      NSEC    0-0.se. NS SOA TXT RRSIG NSEC DNSKEY
se.                     7200    IN      RRSIG   NSEC 5 1 7200 20080831080758 20080824201241 18048 se. nCJyif3G0EOFjCrFIsEacfVU8u5OXNqfS48tO9PT6/X9vZviGAz/fnGP pTw0EVK5kdwsxjjCM/x/Vvn1JEjZTSyiyN7jCcc33OKkF96Un7K5ldmD C99dFGKqXh758HnVRyimLKiwl+ogRgAEg/KUmkBTLkdVao2Dm5ogAK2P pko=
;; Received 460 bytes from 81.228.8.16#53(D.NS.se) in 678 ms

Here dnssec works.

But in the bind logs there is a timeout. Here I attach a capture file, which shows the



