edns responses not sent by DNS Server

Mark Andrews marka at isc.org
Tue May 30 08:09:59 UTC 2017



In message <1496129104656-3884.post at n4.nabble.com>, Harshith Mulky writes:
> Hello Experts,
> 
> I have bind installed on OpenSuse 13.2 with version: bind-9.9.5P1
> 
> I am doing a Test with client application telling that edns is supported on
> DNS Server with udp-payload-size supported as 512 bytes
> 
> I have the following configuration on my DNS Server
> 
> server 127.0.0.1 {
>         edns yes;
>         edns-udp-size 512; //max size query sever can receive is upto 4096
> bytes(default value=4096 )
>         max-udp-size 512; //max size server can transfer is upto 4096
> bytes(default value =4096)
> };
> 
> When my client is querying the external DNS Server, it is adding OPT RR
> pseudo section for edns query
> 
> The query as below
> 
> Domain Name System (query)
>     [Response In: 116]
>     Transaction ID: 0xc015
>     Flags: 0x0100 (Standard query)
>         0... .... .... .... = Response: Message is a query
>         .000 0... .... .... = Opcode: Standard query (0)
>         .... ..0. .... .... = Truncated: Message is not truncated
>         .... ...1 .... .... = Recursion desired: Do query recursively
>         .... .... .0.. .... = Z: reserved (0)
>         .... .... ...0 .... = Non-authenticated data: Unacceptable
>     Questions: 1
>     Answer RRs: 0
>     Authority RRs: 0
>     Additional RRs: 1
>     Queries
>         pcr21381.dflt.vzb.com: type NAPTR, class IN
>             Name: pcr21381.dflt.vzb.com
>             Type: NAPTR (Naming authority pointer)
>             Class: IN (0x0001)
>     Additional records
>         <Root>: type OPT
>             Name: <Root>
>             Type: OPT (EDNS0 option)
>             UDP payload size: 512
>             Higher bits in extended RCODE: 0x0
>             EDNS0 version: 0
>             Z: 0x8000
>                 Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
>                 Bits 1-15: 0x0 (reserved)
>             Data length: 0
> 
> The answer to this query does not contain anything. The size of my answer
> bytes is greater than 512(which i checked using dig) Will bind
> limit/truncate/not send answers if it does not fall below the
> max-udp-payload size

No. The answer contains a indication that the answer is truncated
and there is a OPT (EDNS) record.  The client should retry the query
using TCP which is what DiG does below.  This is standard client
behaviour.  If your client does not do this then it is broken and
you should complain to the vendor.

> The answer is coming as below
> 
> Domain Name System (response)
>     [Request In: 115]
>     [Time: 0.000318000 seconds]
>     Transaction ID: 0xc015
>     Flags: 0x8720 (Standard query response, No error)
>         1... .... .... .... = Response: Message is a response
>         .000 0... .... .... = Opcode: Standard query (0)
>         .... .1.. .... .... = Authoritative: Server is an authority for
> domain
>         .... ..1. .... .... = Truncated: Message is truncated
>         .... ...1 .... .... = Recursion desired: Do query recursively
>         .... .... 0... .... = Recursion available: Server can't do recursive
> queries
>         .... .... .0.. .... = Z: reserved (0)
>         .... .... ..1. .... = Answer authenticated: Answer/authority portion
> was authenticated by the server
>         .... .... ...0 .... = Non-authenticated data: Unacceptable
>         .... .... .... 0000 = Reply code: No error (0)
>     Questions: 1
>     Answer RRs: 0
>     Authority RRs: 0
>     Additional RRs: 1
>     Queries
>         pcr21381.dflt.vzb.com: type NAPTR, class IN
>             Name: pcr21381.dflt.vzb.com
>             Type: NAPTR (Naming authority pointer)
>             Class: IN (0x0001)
>     Additional records
>         <Root>: type OPT
>             Name: <Root>
>             Type: OPT (EDNS0 option)
>             UDP payload size: 4096
>             Higher bits in extended RCODE: 0x0
>             EDNS0 version: 0
>             Z: 0x8000
>                 Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
>                 Bits 1-15: 0x0 (reserved)
>             Data length: 0
> 
> 
> When i do a dig with these options I do not see any issues:
> 
> [ssuser at hmslavepsxvm1 BIN]$ dig @FD00:10:6B50:41C0:0:0:0:9B
> pcr21381.dflt.vzb.com NAPTR +norecurse +edns=0 +bufsize=512
> ;; Truncated, retrying in TCP mode.
> 
> ; <<>> DiG 9.6.0-P1 <<>> @FD00:10:6B50:41C0:0:0:0:9B pcr21381.dflt.vzb.com
> NAPTR +norecurse +edns=0 +bufsize=512
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50716
> ;; flags: qr aa; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;pcr21381.dflt.vzb.com.         IN      NAPTR
> 
> ;; ANSWER SECTION:
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 38 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   10 34 "s" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 36 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 35 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   10 34 "s" "SIP+D2T" ""
> _sip._tcp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 40 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 37 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 39 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> pcr21381.dflt.vzb.com.  300     IN      NAPTR   11 41 "u" "SIP+D2U" ""
> _sip._udp.pcr21381.dflt.vzb.com.
> 
> 
> 
> 
> --
> View this message in context: http://bind-users-forum.2342410.n4.nabble.com/edns-responses-not-sent-by-DNS-Server-tp3884.html
> Sent from the Bind-Users forum mailing list archive at Nabble.com.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-users mailing list