Problems after upgrade to 9.10.4

Mukund Sivaraman muks at isc.org
Fri May 6 13:31:22 UTC 2016


Hi Michael

On Fri, May 06, 2016 at 02:57:59PM +0200, Michael Brunnbauer wrote:
> I tried running bind with dnssec-enable no and still the exchanges with
> tld nameservers involved many packets and TCP sessions. Why?

See below:

> > 07:25:08.157974 IP (tos 0x0, ttl 64, id 22351, offset 0, flags [none], proto UDP (17), length 75)
> >     81.209.177.155.40611 > 192.12.94.30.53: [bad udp cksum 0x21e0 -> 0xcab7!] 48603 [1au] A? ts.foaf-search.net. ar: . OPT UDPsize=512 OK (47)
> > 07:25:08.158034 IP (tos 0x0, ttl 64, id 22352, offset 0, flags [none], proto UDP (17), length 75)
> >     81.209.177.155.63722 > 192.12.94.30.53: [bad udp cksum 0x21e0 -> 0xd69b!] 22421 [1au] AAAA? ts.foaf-search.net. ar: . OPT UDPsize=512 OK (47)

These queries are sent by 81.209.177.155 to 192.12.94.30 with UDP
payload size set to 512. This caused the reply to be truncated:

[muks at jurassic ~]$ dig +bufsize=512 +dnssec @192.12.94.30 -t A foaf-search.net.
;; Truncated, retrying in TCP mode.

Why is the UDP payload size advertised as 512? Some previous timeout or
configuration caused it to be so. Check earlier logs. Try querying the
TLD NS directly with +bufsize=4096 to see if there are any issues in
getting replies to your network.

		Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160506/ae4091b8/attachment.bin>


More information about the bind-users mailing list