BIND 9.11.2 acting as a forwarder: authority section populated differently than BIND 9.9.11 ?
Tony Finch
dot at dotat.at
Tue Feb 13 17:14:35 UTC 2018
Irwin Tillman <irwin at princeton.edu> wrote:
>
> When my server is running BIND 9.9.11, it returns an answer with the
> authority section populated.
>
> But when I upgrade my server to BIND 9.11.2, the same lookup
> performed immediately after I start my server returns no authority records,
> which is a surprise to me:
This is a consequence of a change to BIND's EDNS buffer size probing
behaviour. Before 9.10, it would start with a 4096 byte buffer size and
reduce it in response to problems; in 9.10 and later it starts with a 512
byte buffer size and works up to bigger sizes as long as things continue
to work.
Because the initial queries only offer a small buffer size, there is
less room for addidional data, so it can be (harmlessly) dropped.
In this specific case, when your server queries e.g. dns.princeton.edu
with a 512 byte buffer, the upstream server returns a minimal response.
(This seems very meek to me, because when I try with a 513 byte buffer, I
get a 345 byte response with a decent amount of additional data, which
could just as well have been returned to a 512 byte buffer query.)
So your server doesn't have anything to put in the additional section, so
it leaves it empty. The more information your server collects as time
goes on, the more additional data it can add to its responses.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Sole, Lundy, Fastnet, Irish Sea: West or northwest, backing south or
southwest, 5 to 7, increasing gale 8 for a time, occasionally severe gale 9
later except in Sole. Rough or very rough, moderate except in Sole. Squally
wintry showers then rain. Good, occasionally poor.
More information about the bind-users
mailing list