EDNS and fallback

Bischof, Ralph F. (MSFC-IS40)[NICS] ralph.bischof at nasa.gov
Thu May 14 20:02:54 UTC 2015


Hello,

I am trying to understand EDNS queries and the fallback capabilities. BIND 9.9.6-P1. I have a particular scenario where two sites are connected via firewall links and UDP fragmentation is not allowed. The symptoms I am seeing are that a dig command sends out several queries with EDNS and bufsize of 4096. The server on the other side of this setup answers back with an answer sized at 3410, yet no packets reach back to the dig query. According to the Knowledgebase article linked below, I expected to see the client fall back to EDNS with a bufsize of 512 when it did not receive a reply. Am I wrong? I have also listed the part that concerns me.

https://kb.isc.org/article/AA-01219/30/Refinements-to-EDNS-fallback-behavior-can-cause-different-outcomes-in-Recursive-Servers.html

"For currently (and recently) supported versions of BIND up to and including BIND 9.9, the fallback algorithm for a 'new' authoritative server operates as follows:

    Query with EDNS, advertising size 4096, DO (DNSSEC OK) bit set
    If no response, retry with EDNS, size 512, DO bit set"

Perhaps it has something to do with the meaning of "'new'"?

Thank you,
Ralph F. Bischof, Jr.
The opinions expressed within this communication are not necessarily those of NASA. 
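The fallback sequence quoted from the KB article, modelled as an added Python example that is not code from the post or from BIND: the client builds EDNS0 queries advertising 4096 and then 512, a simulated authoritative server answers with a 3410-byte response, and a simulated firewall drops any UDP datagram above an assumed unfragmented maximum of 1472 bytes (the server, path and size values are constructed for the illustration).

```python
import struct

# Assumed for this example: largest UDP payload the firewall path passes
# without IP fragmentation (typical 1500-byte MTU minus IP/UDP headers).
PATH_MTU_PAYLOAD = 1472


def build_edns_query(qname, bufsize, do=True, qid=0x1234):
    """Build a DNS query with an EDNS0 OPT pseudo-RR (RFC 6891) in wire format."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size,
    # TTL carries ext-RCODE/version/flags with DO as the top flag bit, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if do else 0, 0)
    return header + question + opt


def advertised_bufsize(query):
    """Read the advertised UDP payload size from the trailing 11-byte OPT RR."""
    _rrtype, bufsize = struct.unpack("!HH", query[-10:-6])
    return bufsize


def simulated_server(query, answer_size=3410):
    """Constructed authoritative side: full answer if it fits, else truncated (TC)."""
    bufsize = advertised_bufsize(query)
    if answer_size <= bufsize:
        return {"size": answer_size, "tc": False}
    return {"size": bufsize, "tc": True}


def lossy_path(response):
    """Constructed firewall: silently drops datagrams that would need fragmentation."""
    return None if response["size"] > PATH_MTU_PAYLOAD else response


def resolve_with_fallback(qname, answer_size=3410):
    """Client fallback as quoted from the KB article: EDNS 4096/DO, then EDNS 512/DO."""
    attempts = []
    for bufsize in (4096, 512):
        query = build_edns_query(qname, bufsize)
        reply = lossy_path(simulated_server(query, answer_size))
        attempts.append((bufsize, reply))
        if reply is not None:  # a truncated (TC) reply is normally retried over TCP
            break
    return attempts
```

With the 3410-byte answer the first attempt is dropped on the path and only the 512-byte truncated reply gets through, so a firewall that blocks fragments also needs to pass TCP/53 for the TC retry.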

