Message-ID: <183c01d3193f$9c8803f0$d5980bd0$@chrysalisnet.org> X-Mailer: Microsoft Outlook 14.0 From: "Chris" X-Authenticated-ID: chrysalis X-RT-Incoming-Encryption: Not encrypted X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner Thread-Index: AdMZP5R9yBsCGVX/QSynfz6nwmKzNw== Content-Language: en-gb Delivered-To: bind9-bugs@bugs.isc.org X-SPF-Status: Return-Path: Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id A123CD78AED for ; Sat, 19 Aug 2017 23:05:16 +0000 (UTC) Received: from mail.hostingfreak.net (mail.hostingfreak.net [IPv6:2a01:4f8:201:5465::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 2C6E334970A for ; Sat, 19 Aug 2017 23:05:14 +0000 (UTC) Received: from [2a02:c7f:401b:6300::124] (port=52139 helo=ChrisPC) (HELO=ChrisPC) by mail.hostingfreak.net with esmtpsa (Exim 4.89) (Cipher TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128) (envelope-from ) id 1djCno-000LZt-F2 by authid with login for bind-bugs@isc.org; Sun, 20 Aug 2017 00:05:12 +0100 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=chrysalisnet.org; s=x; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DcJuVS4ta8IGZ9aLwmF5nvLDXDXFe+5GqlOAGkfvaok=; b=JDU7ONgdyaFzqQ7hGdWkvYFaf9 amLYNPEN2AIuG/9/ovRySgfZot7fv69H4CL7g+6Afg23hw4Ucuqgh6aJzJxmu2OVCZdEJRkkoQ29M Wcg8aiiM7aOCCRJnFU+HqLgIcTHvIPROXc8H9MBrNDrvTza/X4kBb32tJXOAP20ugnBmtXV4UwJUN NOL7uRlAJjEKHXCnyZMvrl03DB+xvPDP67VNiGX0JzagQLQQkk0459BxQ9L0Y3przAIOfH+DFOZsS qpWkHJLLVXNI7qShTZP9BoHlZHfaw8GVQTV9jgenFJoy3OZb/Km8kjAeyMOFSK+NMOM/ahIMhA3C1 F/3xMV+Q==; Date: Sun, 20 Aug 2017 00:05:05 +0100 From chrysalis@chrysalisnet.org Sat Aug 19 23:05:16 2017 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 Content-Transfer-Encoding: quoted-printable Subject: possible EDNS bug content-type: text/plain; charset="utf-8" X-Original-To: bind9-bugs@bugs.isc.org To: bind-bugs@isc.org MIME-Version: 1.0 X-RT-Original-Encoding: utf-8 X-RT-Interface: Email Content-Length: 1752 I dont know if this is intentional or a bug, but to me seems buggy behaviour. I am diagnosing EDNS by using the following command. Which makes a test server send responses to show the EDNS size used. ‘dig +short rs.dns-oarc.net txt’ on unbound and bind 9.9 This will result in large packets of over 4000 bytes. It also reports a EDNS buffer size of 4096. On bind 9.10 the first request has packets below 512 bytes and reports and EDNS buffer size of 512. However if U run another query shortly after it then reports larger sizes of over 4000 bytes. So it seems it needs multiple requests to use large EDNS packets. I have confirmed this behaviour on 3 different servers all of which run FreeBSD. The EDNS size seems to be stored in some kind of cache that expires because eventually a request will then drop back to a 512 byte limit again. Result of first query using bind 9.10 rst.x487.rs.dns-oarc.net. rst.x499.x487.rs.dns-oarc.net. rst.x457.x499.x487.rs.dns-oarc.net. "2001:41d0:1:a16c::10:1 DNS reply size limit is at least 499" "2001:41d0:1:a16c::10:1 sent EDNS buffer size 512" Result of second query using bind 9.10 rst.x4090.rs.dns-oarc.net. rst.x4060.x4090.rs.dns-oarc.net. rst.x4066.x4060.x4090.rs.dns-oarc.net. "2001:41d0:1:a16c::10:1 sent EDNS buffer size 4096" "Tested at 2017-08-19 22:56:40 UTC" "2001:41d0:1:a16c::10:1 DNS reply size limit is at least 4090" Result of any query made on unbound or bind 9.9 rst.x4090.rs.dns-oarc.net. rst.x4060.x4090.rs.dns-oarc.net. rst.x4066.x4060.x4090.rs.dns-oarc.net. "2a01:4f8:201:5465::2 DNS reply size limit is at least 4090" "2a01:4f8:201:5465::2 sent EDNS buffer size 4096" "Tested at 2017-08-19 23:03:20 UTC" Please let me know if you need more information. regards Chris