On 01/29/2010 03:30 PM, Joyce LAMBERT wrote:
I'am using the option send-root-referral=lean (or yes) in my powerdns
authoritative server.
First the import question, why do you want to send a root-referral ?
send-root-referral | --send-root-referral=yes | --send-root-referral=no
| --send-root-referral=lean
If set, PowerDNS will send out old-fashioned root-referrals when
queried for domains for which it is not authoritative. Wastes some
bandwidth but may solve incoming query floods if domains are
delegated to you for which you are not authoritative, but which are
queried by broken recursors. Available since 2.9.19.
Since 2.9.21, it is possible to specify 'lean' root referrals, which
waste less bandwidth.
You usually don't need it.
This server isn't recursive.
When my server need to reply with CNAME where we are not authoritative
for the destination, the server add root server in the authority
section, and ip address in the additional section.
Often this reply, can't enter in a UDP packet and need a TCP reply.
When i analyse trafic with tcpdump and wireshark i can found
[Malformed Packet: DNS]
For most resolver, this is not a problem, and communication continue
in TCP
But it look like some other resolver (or firewall) stop on this
Malformed Packet and resolution can't finish.
But only with PowerDNS authoritative server. With other, this type of
resolver can switch in TCP
One solution is the reduce the number of root server we send on
authority and additional section to limit the packet size.
This can't bo done in configuration file and need to patch sources file.
Do you now this problem, and is there any other solution.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users