toddr at cpanel.net
Wed Nov 23 19:10:42 UTC 2011
On Nov 23, 2011, at 4:17 AM, Matthijs Mekking wrote:
> - - Minimize responses to reduce truncation: NSD will only add optional
> records to the authority and additional sections when the response
> size does not exceed the minimal response size.
> The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
> 1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is
> smaller than the EDNS default.
> The feature is enabled by default. You can disable it by configuring
> NSD with --disable-minimal-responses.
Thanks for the 3.2.9 release. It looks like there are allot of good fixes in the release.
I'm trying to get a more thorough understanding of the mininal-responses feature in order to do a risk assessment of enabling it in our build.
I've done some archeology and from what I can tell, commits 3471 through 3473 are the total change. I could not find a bug referring to these commits.
Looking at the commits, I find this additional documentation in doc/REQUIREMENTS:
+ The feature 'minimize responses' is included since NSD 3.2.9.
+ NS RRsets that would go into the Authority section in positive
+ responses are not considered REQUIRED and therefore will NOT lead
+ to setting of the TC bit.
As I see it, my biggest risk of taking this feature is that I could possibly cause unexpected behavior in any client expecting this information, even though the spec says it's optional.
Are there any other issues I should consider?
More information about the nsd-users