dig ignores +notcp when doing IXFR (DiG 9.5.0-P2)

Chris Thompson cet1 at cam.ac.uk
Fri Dec 6 17:11:42 UTC 2013


On Dec 5 2013, Matthew Pounsett wrote:

>
>On 2013-12-05, at 01:37 , Mark Andrews <marka at isc.org> wrote:
>
>> 
>>>> Note, named will for the use of TCP in its UDP response.
>> 
>> 	s/for/force/
>
>Always? Regardless of response size?  Interesting.  What's the rationale
>for doing it that way?

Just to clarify, RFC 1995 says

| Transport of a query may be by either UDP or TCP.  If an IXFR query
| is via UDP, the IXFR server may attempt to reply using UDP if the
| entire response can be contained in a single DNS packet.  If the UDP
| reply does not fit, the query is responded to with a single SOA
| record of the server's current version to inform the client that a
| TCP query should be initiated.

The sense in which BIND "forces use of TCP" is that when it gets an
IXFR request over UDP, it always just replies with the current SOA.
It doesn't bother to work out whether an incremental transfer is
possible and if so whether it would fit into the UDP payload.

Of course, if the client's supplied SOA serial is the same, this
response indicates that no zone transfer is needed.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
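
Added example, not part of the original message and not BIND or dig code: a client-side check of a UDP IXFR reply as described above, where a lone SOA means either "already current" (same serial) or "repeat the query over TCP". The zone name, serials and function names are constructed for illustration, and a serial that differs is simply treated as a reason to retry over TCP.

```python
import struct

SOA, IXFR, IN = 6, 251, 1

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n

def answer_soa_serials(msg):
    """Return (answer RR count, serial of every SOA in the answer section)."""
    _id, _flags, qd, an = struct.unpack_from("!HHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    serials = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == SOA:
            p = skip_name(msg, skip_name(msg, off))  # skip MNAME, RNAME
            serials.append(struct.unpack_from("!I", msg, p)[0])
        off += rdlen
    return an, serials

def classify_udp_ixfr_reply(msg, client_serial):
    an, serials = answer_soa_serials(msg)
    if an == 1 and len(serials) == 1:  # the single-SOA reply
        # Assumption: any serial other than our own means "ask again over TCP".
        return "up-to-date" if serials[0] == client_serial else "retry-over-tcp"
    return "incremental-in-udp"        # the delta itself fitted in one packet

def build_single_soa_reply(zone, serial):
    """Constructed sample: the single-SOA UDP reply to an IXFR query."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", IXFR, IN)
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", serial, 3600, 900, 604800, 300))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", SOA, IN, 3600, len(rdata)) + rdata
    return header + question + answer
```
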

