Hello,

I am trying to understand EDNS queries and the fallback capabilities.
BIND 9.9.6-P1. I have a particular scenario where two sites are connected via
firewall links and UDP fragmentation is not allowed. The symptom I am seeing
is that a dig command sends out several queries with EDNS and bufsize of 4096.
The server on the other side of this setup answers back with an answer sized at
3410, yet no packets reach back to the dig query. According to the
Knowledgebase article linked below, I expected to see the client fall back to
EDNS with a bufsize of 512 when it did not receive a reply. Am I wrong? I have
also listed the part that concerns me.

https://kb.isc.org/article/AA-01219/30/Refinements-to-EDNS-fallback-behavior-can-cause-different-outcomes-in-Recursive-Servers.html

"For currently (and recently) supported versions of BIND up to and including
BIND 9.9, the fallback algorithm for a 'new' authoritative server operates as
follows:

  Query with EDNS, advertising size 4096, DO (DNSSEC OK) bit set
  If no response, retry with EDNS, size 512, DO bit set"

Perhaps it has something to do with the meaning of "'new'"?

Thank you,
Ralph F. Bischof, Jr.
The opinions expressed within this communication are not necessarily those of
NASA.
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
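
An added example, not part of the original post: a Python sketch that builds the two queries from the quoted fallback sequence (EDNS size 4096, then 512, DO set), reads the advertised size back out of the OPT record, and checks whether the 3410-byte answer would need IP fragmentation. The 1500-byte path MTU, the name example.com and all function names are assumptions made for illustration.

```python
import struct

IP_UDP_HEADERS = 20 + 8  # IPv4 header without options + UDP header

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, bufsize=4096, do=True, qid=0x1234):
    """Build a DNS query carrying an EDNS0 OPT pseudo-RR (RFC 6891)."""
    # Flags 0x0100 = RD set; 1 question, 1 additional record (the OPT RR).
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT reuses the RR fields: CLASS = advertised UDP payload size,
    # TTL = extended RCODE (8 bits) | version (8 bits) | DO bit + Z (16 bits).
    ttl = 0x8000 if do else 0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, ttl, 0)  # root name, TYPE 41
    return header + question + opt

def skip_name(msg, pos):
    """Skip an uncompressed name (queries built here never use compression)."""
    while msg[pos] != 0:
        pos += msg[pos] + 1
    return pos + 1

def parse_edns(msg):
    """Return (advertised_size, do_bit) from the OPT RR, or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        pos += 10 + rdlen
    return None

def udp_reply_fragments(answer_size, bufsize, mtu=1500):
    """True if the UDP reply would need IP fragmentation at this path MTU."""
    # A server sends at most the advertised size over UDP; a larger answer
    # is truncated (TC=1) and the client is expected to retry over TCP.
    on_wire = min(answer_size, bufsize)
    return on_wire + IP_UDP_HEADERS > mtu

if __name__ == "__main__":
    for size in (4096, 512):                   # the two steps quoted above
        q = build_query("example.com", bufsize=size)
        print(parse_edns(q), "fragments:", udp_reply_fragments(3410, size))
```

With dig, the same two cases are sent with `+dnssec +bufsize=4096` and `+dnssec +bufsize=512`.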