Report information

The Basics
Id: 45814
Status: open
Priority: Medium/Medium
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: (no value)
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: BIND Server
Area: Other

Dates
Created: Sat, 19 Aug 2017 19:05:19 -0400
Updated: Mon, 04 Sep 2017 00:54:01 -0400
Closed: Not set




From: "Chris" <chrysalis@chrysalisnet.org>
Date: Sun, 20 Aug 2017 00:05:05 +0100
Subject: possible EDNS bug
To: bind-bugs@isc.org

I don't know if this is intentional or a bug, but to me seems buggy behaviour.

I am diagnosing EDNS by using the following command. Which makes a test server send responses to show the EDNS size used.

‘dig +short rs.dns-oarc.net txt’

On unbound and bind 9.9 this will result in large packets of over 4000 bytes. It also reports an EDNS buffer size of 4096.

On bind 9.10 the first request has packets below 512 bytes and reports an EDNS buffer size of 512. However if I run another query shortly after it then reports larger sizes of over 4000 bytes. So it seems it needs multiple requests to use large EDNS packets. I have confirmed this behaviour on 3 different servers all of which run FreeBSD. The EDNS size seems to be stored in some kind of cache that expires because eventually a request will then drop back to a 512 byte limit again.

Result of first query using bind 9.10

rst.x487.rs.dns-oarc.net.
rst.x499.x487.rs.dns-oarc.net.
rst.x457.x499.x487.rs.dns-oarc.net.
"2001:41d0:1:a16c::10:1 DNS reply size limit is at least 499"
"2001:41d0:1:a16c::10:1 sent EDNS buffer size 512"

Result of second query using bind 9.10

rst.x4090.rs.dns-oarc.net.
rst.x4060.x4090.rs.dns-oarc.net.
rst.x4066.x4060.x4090.rs.dns-oarc.net.
"2001:41d0:1:a16c::10:1 sent EDNS buffer size 4096"
"Tested at 2017-08-19 22:56:40 UTC"
"2001:41d0:1:a16c::10:1 DNS reply size limit is at least 4090"

Result of any query made on unbound or bind 9.9

rst.x4090.rs.dns-oarc.net.
rst.x4060.x4090.rs.dns-oarc.net.
rst.x4066.x4060.x4090.rs.dns-oarc.net.
"2a01:4f8:201:5465::2 DNS reply size limit is at least 4090"
"2a01:4f8:201:5465::2 sent EDNS buffer size 4096"
"Tested at 2017-08-19 23:03:20 UTC"

Please let me know if you need more information.

regards

Chris

From: "Mark Andrews" <marka@isc.org>
To: bind9-confidential@isc.org
Subject: Re: [ISC-Bugs #45814] possible EDNS bug
Date: Sun, 20 Aug 2017 10:20:12 +1000

Named starts out with EDNS queries with a UDP buffer size of 512 because that allows named to determine if the remote server supports EDNS without also having to determine if the path supports larger responses.

There are still servers that do not respond to EDNS queries. There are still firewalls that think DNS over UDP is limited to 512 bytes. There are still firewalls that think dropping fragments is a good thing.

If you start talking to a new nameserver with EDNS using a buffer size of 4096 named cannot determine which of the above or packet loss is causing lack of answers. By advertising a 512 byte buffer you eliminate two sources of error and increase the probability that you can accurately determine if a server supports EDNS or not.

If you start with 4096 byte packets and the server gets no response you have to try multiple recovery strategies simultaneously. Unfortunately you can't just treat non response as packet loss.

Mark

In message <rt-4.4.1-370-1503183919-1928.45814-3-0@isc.org>, "Chris via RT" writes:
> I don't know if this is intentional or a bug, but to me seems buggy behaviour.
>
> I am diagnosing EDNS by using the following command. Which makes a test
> server send responses to show the EDNS size used.
>
> ‘dig +short rs.dns-oarc.net txt’
>
> On unbound and bind 9.9 this will result in large packets of over 4000 bytes.
> It also reports an EDNS buffer size of 4096.
>
> On bind 9.10 the first request has packets below 512 bytes and reports an
> EDNS buffer size of 512. However if I run another query shortly after it
> then reports larger sizes of over 4000 bytes. So it seems it needs multiple
> requests to use large EDNS packets. I have confirmed this behaviour on 3
> different servers all of which run FreeBSD. The EDNS size seems to be
> stored in some kind of cache that expires because eventually a request
> will then drop back to a 512 byte limit again.
>
> Result of first query using bind 9.10
>
> rst.x487.rs.dns-oarc.net.
> rst.x499.x487.rs.dns-oarc.net.
> rst.x457.x499.x487.rs.dns-oarc.net.
> "2001:41d0:1:a16c::10:1 DNS reply size limit is at least 499"
> "2001:41d0:1:a16c::10:1 sent EDNS buffer size 512"
>
> Result of second query using bind 9.10
>
> rst.x4090.rs.dns-oarc.net.
> rst.x4060.x4090.rs.dns-oarc.net.
> rst.x4066.x4060.x4090.rs.dns-oarc.net.
> "2001:41d0:1:a16c::10:1 sent EDNS buffer size 4096"
> "Tested at 2017-08-19 22:56:40 UTC"
> "2001:41d0:1:a16c::10:1 DNS reply size limit is at least 4090"
>
> Result of any query made on unbound or bind 9.9
>
> rst.x4090.rs.dns-oarc.net.
> rst.x4060.x4090.rs.dns-oarc.net.
> rst.x4066.x4060.x4090.rs.dns-oarc.net.
> "2a01:4f8:201:5465::2 DNS reply size limit is at least 4090"
> "2a01:4f8:201:5465::2 sent EDNS buffer size 4096"
> "Tested at 2017-08-19 23:03:20 UTC"
>
> Please let me know if you need more information.
>
> regards
>
> Chris

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

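
The reasoning in the reply above, worked through as an added example; it is not part of the original thread and is not BIND's code. It is a simplified model that lists which of the four failure sources could each explain a timeout for a given advertised EDNS buffer size. The fault names, the 1472-byte fragmentation threshold and the size of a truncated reply are assumptions of the model.

```python
"""Toy model: which faults can explain a timeout for a given EDNS buffer size."""

FRAGMENT_THRESHOLD = 1472  # assumed: largest UDP payload in one 1500-byte IPv4 packet
CLASSIC_LIMIT = 512        # pre-EDNS limit for DNS over UDP

# The four failure sources listed in the reply (names are this example's own).
CAUSES = ("server_ignores_edns", "firewall_512_limit",
          "fragments_dropped", "packet_loss")


def probe(advertised, answer_size, faults):
    """Outcome of one EDNS query: 'answer', 'truncated' or 'timeout'."""
    if "packet_loss" in faults or "server_ignores_edns" in faults:
        return "timeout"  # the query is never answered
    if answer_size <= advertised:
        reply_size, outcome = answer_size, "answer"
    else:
        # Assumed: the server sets TC and sends a short reply that fits.
        reply_size, outcome = min(advertised, CLASSIC_LIMIT), "truncated"
    if "firewall_512_limit" in faults and reply_size > CLASSIC_LIMIT:
        return "timeout"  # firewall drops UDP DNS larger than 512 bytes
    if "fragments_dropped" in faults and reply_size > FRAGMENT_THRESHOLD:
        return "timeout"  # reply needed fragmentation and a fragment was dropped
    return outcome


def timeout_causes(advertised, answer_size):
    """Single faults that would each, on their own, explain a timeout."""
    return {c for c in CAUSES
            if probe(advertised, answer_size, {c}) == "timeout"}


if __name__ == "__main__":
    # Constructed case: the full answer is 4000 bytes, as in the OARC test.
    for size in (512, 4096):
        print(size, sorted(timeout_causes(size, answer_size=4000)))
```

With a 512-byte first probe, only a server that ignores EDNS or plain packet loss can explain a timeout in this model; with 4096 all four faults are candidates.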
To: bind9-confidential@isc.org
From: "Chris" <chrysalis@chrysalisnet.org>
Date: Sun, 20 Aug 2017 03:00:17 +0100
Subject: RE: [ISC-Bugs #45814] possible EDNS bug

Message body is not shown because it is too large.