bind says 'clocks are unsynchronized' but they are not

Shumon Huque shuque at isc.upenn.edu
Fri Jul 9 15:44:02 UTC 2010


On Fri, Jul 09, 2010 at 08:33:10AM +0200, Niklas Jakobsson wrote:
> I assume this has to do with the transfer-format option set to
> 'many-answers' (this is the default of bind), so what decides how many
> records go into one DNS packet? Since it is a tcp-stream I assumed
> there would be only one TSIG signature in the end, I guess I assumed
> wrong. 

I just looked at a full zone transfer of one of my larger zones
(from a BIND 9.6.x master), using the default (many-answers)
configuration. Here are some statistics:

	Total RRs transferred: 500822
	Total messages: 1031
	Messages with TSIG records: 1031
	Message sizes: 61675 max, 48424 min, 53770 average

That's roughly 500 records per DNS message. I haven't examined
the relevant code involved, so I don't know how BIND decides how 
many records to put in each message. My guess: as many as can fit
into a DNS message and stay under 64K bytes (DNS message length
in TCP is a 16-bit field).

(Note that we use dynamic update, NOTIFY, and IXFR, so we rarely
do full zone transfers).

-- 
Shumon Huque
University of Pennsylvania.
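
To gather statistics like those in the message above from a captured zone-transfer TCP stream, the following sketch (an added example, not part of the original post and not BIND code) splits the stream on its 2-byte length prefixes and checks whether each message ends with a TSIG record. The function names and the constructed SAMPLE stream are assumptions for illustration; the sample TSIG records carry no real signature data.

```python
import struct
TSIG = 250  # RR type code for TSIG

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def split_stream(stream):
    """Split a DNS-over-TCP byte stream on its 16-bit length prefixes."""
    off = 0
    while off + 2 <= len(stream):
        (size,) = struct.unpack_from("!H", stream, off)
        if off + 2 + size > len(stream):
            raise ValueError("truncated message at offset %d" % off)
        yield stream[off + 2 : off + 2 + size]
        off += 2 + size

def inspect(msg):
    """Return (answer RR count, True if the final RR is a TSIG)."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                 # question: name + type + class
        off = skip_name(msg, off) + 4
    last_type = None
    for _ in range(an + ns + ar):       # RR: name + 10 fixed bytes + rdata
        off = skip_name(msg, off)
        last_type, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
    return an, ar > 0 and last_type == TSIG

def axfr_stats(stream):
    """Totals in the same shape as the figures quoted in the post."""
    msgs = list(split_stream(stream))
    seen = [inspect(m) for m in msgs]
    sizes = [len(m) for m in msgs]
    return {"rrs": sum(a for a, _ in seen), "messages": len(msgs),
            "with_tsig": sum(t for _, t in seen), "max": max(sizes), "min": min(sizes)}

def _msg(answers, tsig):  # constructed message; every RR is owned by "a."
    rr = lambda t, rd=b"": b"\x01a\x00" + struct.pack("!HHIH", t, 1, 0, len(rd)) + rd
    body = struct.pack("!6H", 1, 0x8400, 0, answers, 0, int(tsig))
    body += rr(1, b"\x7f\x00\x00\x01") * answers + (rr(TSIG) if tsig else b"")
    return struct.pack("!H", len(body)) + body
SAMPLE = _msg(3, True) + _msg(2, True) + _msg(1, False)  # constructed input
```

A message count that differs from the TSIG count, as in the constructed sample, marks the unsigned messages to look at.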
