truncated responses vs. minimal-responses?

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Dec 5 12:50:24 UTC 2012


>> On 28.11.12 18:38, Tony Finch wrote:
>>> Yes it does. For example, have a look at responses to queries for
>>> dotat.at
>>> in mx for various buffer sizes and observe that RRsets are dropped but
>>> the
>>> TC bit is not set.

>On 11/30/2012 01:30 PM, Matus UHLAR - fantomas wrote:
>> Nice to see. I'm seeing recommendations to set minimal-responses to avoid
>> truncation problem anywhere and I'd like to have documented somewhere that
>> it just won't help...

On 03.12.12 09:41, Gilles Massen wrote:
>Truncation happens only if the ANSWER section is too large, and as
>minimal-responses only affects AUTHORITY and ADDITIONAL the effect on
>truncation should be null.

I'm curious if there's any case where the AUTHORITY section is needed to
proper function of DNS. I think I've seen reports about truncaetd responses
with AUTHORITY section added ... maybe intermediate firewall or
loadbalancer truncating them...

>For UPD fragmentation it is an entirely different matter, of course. But
>should default settings really be optimized to accomodate broken firewalls?

default or non-default, if weare behind firewall or loadbalancer, we should
know when they cause troubles.


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.



More information about the bind-users mailing list