This one will break lookups from behind a firewall that only passes DNS queries <= 512 bytes. This can be demonstrated by having named silently drop any UDP packets > 512 bytes. named -T maxudp512 B.T.W. The broken TCP behaviour of the nameservers for soy and foo has been fixed. Mark In message , "Tony Finch via RT" writes: > --- > lib/dns/resolver.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c > index 884aeb8..0b48d1a 100644 > --- a/lib/dns/resolver.c > +++ b/lib/dns/resolver.c > @@ -2022,10 +2022,10 @@ resquery_send(resquery_t *query) { > > /* > * We know nothing about the peer's capabilities > - * so start with minimal EDNS UDP size. > + * so start with moderate EDNS UDP size. > */ > if (udpsize == 0U) > - udpsize = 512; > + udpsize = 1232; > > if ((flags & DNS_FETCHOPT_EDNSVERSIONSET) != 0) { > version = flags & DNS_FETCHOPT_EDNSVERSIONMASK; > @@ -2103,6 +2103,8 @@ resquery_send(resquery_t *query) { > * Record the UDP EDNS size choosen. > */ > query->udpsize = udpsize; > + isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVE > R, > + ISC_LOG_DEBUG(10), "fctx %p(%s): udpsize %d", fctx, fctx->info, udp > size); > > if (udpsize > 0) > add_triededns(fctx, &query->addrinfo->sockaddr); > -- > 2.0.1 > > > > > -- > Ticket History: https://bugs.isc.org/Ticket/Display.html?id=36330 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org