BIND 9.11 no longer respects edns-udp-size?

Mark Andrews marka at isc.org
Mon Mar 11 23:01:25 UTC 2019


I actually HATE this behaviour by TLDs.  There is no need to restrict the EDNS
UDP size at the authoritative server to prevent fragmentation.  If the path
block fragments the client will adjust their EDNS UDP size to match.  If the
path supports fragmentation (which is the actual RFC requirement) then the
client doesn’t need to switch to TCP.  Stop forcing me to use TCP because
others can’t configure their firewalls correctly.  It’s not your job to
correct for their stupidity.

The network doesn’t drop fragments.  Firewalls at the client end may and if
so it is the clients’ responsibility to fix the firewalls.  This is self-inflicted
pain.  If you have local equipment that is dropping fragments FIX IT.

Mark

> On 12 Mar 2019, at 1:02 am, Stéphane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> 
> On Mon, Mar 11, 2019 at 09:39:58PM +1100,
> Mark Andrews <marka at isc.org> wrote 
> a message of 119 lines which said:
> 
>> You are using the wrong control.
>> Max-udp-size is what you want.  
> 
> Thanks it works as expected now.
> 
> % dig +ignore @194.0.9.1 DNSKEY ma
> 
> ; <<>> DiG 9.10.3-P4-Debian <<>> +ignore @194.0.9.1 DNSKEY ma
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24200
> ;; flags: qr aa tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1432
> ;; QUESTION SECTION:
> ;ma.			IN DNSKEY
> 
> ;; Query time: 3 msec
> ;; SERVER: 194.0.9.1#53(194.0.9.1)
> ;; WHEN: Mon Mar 11 15:02:18 CET 2019
> ;; MSG SIZE  rcvd: 31
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
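The quoted dig output shows the mechanism the thread is arguing about: the authoritative server answers with an empty, 31-byte reply, the TC bit set, and an OPT record advertising its own UDP size (1432), so the client retries over TCP. The script below is an added example written for this page; it is not code from the thread, from BIND or from ISC. It rebuilds that exact 31-byte reply from the fields in the dig output (id 24200, flags qr aa tc rd, question ma./IN/DNSKEY, udp: 1432 with DO), parses it back with a small wire-format reader, and shows the two client-side reactions Mark distinguishes: TC means "retry over TCP", while silence (fragments dropped on the path) means "advertise a smaller EDNS UDP size and retry over UDP". The function names and the `FALLBACK_UDP_SIZE` constant are this example's own choices, not values taken from the thread.

```python
import struct

# Wire-format constants (RFC 1035 / RFC 6891).
QTYPE_DNSKEY = 48
QTYPE_OPT = 41
QCLASS_IN = 1
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100
EDNS_DO = 0x8000            # DO bit sits in the low 16 bits of the OPT "TTL" field

# Illustrative fallback for a resolver that sees timeouts rather than TC:
# an assumption of this example, not a value from the thread.
FALLBACK_UDP_SIZE = 1232


def encode_name(name):
    """Encode a dotted name into uncompressed wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, off):
    """Decode a wire-format name (compression pointers allowed).
    Returns (dotted_name, offset just past the name in the stream)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return (".".join(labels) + "." if labels else "."), (end if end is not None else off)


def build_truncated_response(qid, qname, qtype, udp_size, do=True):
    """Reply from an authoritative server whose answer would exceed the EDNS
    UDP size it is willing to use: empty answer, TC set, OPT carrying its size."""
    flags = FLAG_QR | FLAG_AA | FLAG_TC | FLAG_RD          # rcode NOERROR
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)
    opt_ttl = EDNS_DO if do else 0                         # ext-rcode 0, version 0
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, udp_size, opt_ttl, 0)
    return header + question + opt


def parse_response(data):
    """Return header flags, the (single) question and the EDNS parameters of a reply."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    qname, off = decode_name(data, off)                    # assumes qd == 1
    qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
    off += 4
    info = {
        "id": qid, "qr": bool(flags & FLAG_QR), "aa": bool(flags & FLAG_AA),
        "tc": bool(flags & FLAG_TC), "rd": bool(flags & FLAG_RD),
        "rcode": flags & 0xF, "qname": qname, "qtype": qtype,
        "ancount": an, "edns_udp_size": None, "do": False, "size": len(data),
    }
    for _ in range(an + ns + ar):                          # walk every RR
        _name, off = decode_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10 + rdlen
        if rtype == QTYPE_OPT:                             # class field = UDP size
            info["edns_udp_size"] = rclass
            info["do"] = bool(ttl & EDNS_DO)
    return info


def plan_retry(response, advertised_udp_size):
    """Client-side decision. TC means the server had more than it would send over
    UDP: retry the same query over TCP. No response at all (fragments dropped on
    the path) means shrink our advertised size and retry over UDP."""
    if response is None:
        return ("udp", min(advertised_udp_size, FALLBACK_UDP_SIZE))
    if response["tc"]:
        return ("tcp", None)
    return ("done", None)


if __name__ == "__main__":
    wire = build_truncated_response(24200, "ma.", QTYPE_DNSKEY, 1432)
    parsed = parse_response(wire)
    print(parsed)                         # size 31, tc True, edns_udp_size 1432
    print(plan_retry(parsed, 4096))       # ('tcp', None)
    print(plan_retry(None, 4096))         # ('udp', 1232)
```

The reconstructed message is exactly 31 bytes (12-byte header, 8-byte question, 11-byte OPT), matching the `MSG SIZE rcvd: 31` in the dig output. Note that the OPT record's class field is the server's UDP size, not the client's: a resolver that reads 1432 there learns what the server will send, but it only lowers its own advertised size when queries go unanswered, which is the distinction Mark draws between a server-side cap and a client-side path problem.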


