Truncated DNS message over UDP

Marc Lampo marc.lampo at
Wed Jun 27 12:10:06 UTC 2012


Several RFC's on DNS do state that name servers (not only Bind) should
if possible, to send messages that would require the TC bit set in the

Replies can be stay shorter if some sections (authority/additional) are
included in the reply.
I know for sure that DNSSEC related RFC's explicitly state to leave
authority/additional section empty if filling them would lead to the
answer becoming too big and requiring the TC bit to be set.
--> it is not a configuration setting, it's RFC defined.

Kind regards,

Marc Lampo
Security Officer
EURid (for .eu)

-----Original Message-----
From: Sebastiano Di Paola [mailto:sebastiano.dipaola at] 
Sent: 27 June 2012 10:43 AM
To: bind-users at
Subject: Truncated DNS message over UDP

Hello everyone,
before sending this email I tried do some seaches on this topic, but no
luck so before bothering bind-workers here's my question

I was wondering if a configuration option exists in order to force bind
server to send a "minimal (from size and number of returned record point
of view)" response in case the trucated bit is set in the header.

Let me explain better...
1) Client asks for "" type ANY to my server (RD bit is
2) Server gets the response (does not matter if from cache or not) but the
answer is bigger than 512 bytes (or the server has  udp-max-size
512 parameter in configuration)
3) Server send answer with TC bit = 1, but instead of giving partial
response header is like this QDCOUNT = 1, ANCOUNT = 0, NSCOUTN = 0,
ADDITIONAL=0 (if there is no EDSN0 in query) and just sent back the
question section.
4) Client (if needed) re-do the query using TCP (some clients does not use
records contained in packets with TC bit set in the header)

If I'm not wrong RFCs does not state that partial answer must be returned
to the client, so probably there is no issue in getting rid of them (with
a configuration option :) )

Is there any parameter that could let me achieve this result?
Kind regards.

More information about the bind-users mailing list