On Mon, 10 Apr 2023, Lee wrote:
Why are you using google as forwarders ?
To eliminate as many variables as possible. delv talking to google works. delv talking to bind talking to google fails. When talking directly, delv is using udp to talk to google When talking via bind, bind is using tcp. And while google acks the DNSKEY request from bind, the data is not received. The seqnence number jumps from 1 on the ACK of the query to 1636 on the FIN where google closes the connection. Thats 1635 bytes of data gone missing. The mss on the original SYN packet is 1220, so that ought to be two (or more) packets gone missing. Interestingly if I use tcp to google servers it still works: (hmmm, capture suggest that it's only using TCP for the CNAME request, not the DNSKEY requests) delv -t cname deb.debian.org +rtrace +tcp @2001:4860:4860::8888 ;; fetch: deb.debian.org/CNAME ;; fetch: debian.org/DNSKEY ;; fetch: debian.org/DS ;; fetch: org/DNSKEY ;; fetch: org/DS ;; fetch: ./DNSKEY ; fully validated deb.debian.org. 3112 IN CNAME debian.map.fastlydns.net. deb.debian.org. 3112 IN RRSIG CNAME 8 3 3600 20230512040858 20230402034640 32728 debian.org. rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYkskltkGJyk8VNBnbgTM3Szm M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D CrKUmSE9VBhRoclczsBbMENUftKR0XOl while to my ISPs nameservers it doesn't! root@bind17:~# delv -t cname deb.debian.org +rtrace +tcp @2001:730:3ec2::10 ;; fetch: deb.debian.org/CNAME ;; fetch: debian.org/DNSKEY ;; resolution failed: timed out and I see exactly the same in the capture, 1635 bytes missing.
bind works just fine for me with no forwarding: $ delv -t cname deb.debian.org +rtrace ;; fetch: deb.debian.org/CNAME ;; fetch: debian.org/DNSKEY ;; fetch: debian.org/DS ;; fetch: org/DNSKEY ;; fetch: org/DS ;; fetch: ./DNSKEY ; fully validated deb.debian.org. 3550 IN CNAME debian.map.fastlydns.net. deb.debian.org. 3550 IN RRSIG CNAME 8 3 3600 20230512040858 20230402034640 32728 debian.org. rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYksklt8VNBnbgTM3Szm M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D CrKUmSE9VBhRoclczsBbMENUftKR0XOl Regards, Lee