[nsd-users] enable-minimal-responses

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Nov 24 09:12:59 UTC 2011


Hi Todd,

Looks correct to me: by enabling minimal responses, we change the
behavior of NSD slightly. A resolver may expect the optional NS RRsets,
but not having them in the response should not trouble the
resolver. In my opinion, this biggest risk is not a big risk at all.

I am not aware of any other issues that you should take into consideration.

Best regards,
  Matthijs

On 11/23/2011 08:10 PM, Todd Rinaldo wrote:
> 
> On Nov 23, 2011, at 4:17 AM, Matthijs Mekking wrote:
> 
>> RELNOTES ========
>> 
>> FEATURES: - Minimize responses to reduce truncation: NSD will
>> only add optional records to the authority and additional sections
>> when the response size does not exceed the minimal response size.
>> 
>> The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4), 1220
>> (EDNS/IPv6), or the advertized EDNS buffer size if that is smaller
>> than the EDNS default.
>> 
>> The feature is enabled by default. You can disable it by
>> configuring NSD with --disable-minimal-responses.
> 
> Matthijs,
> 
> Thanks for the 3.2.9 release. It looks like there are a lot of good
> fixes in the release.
> 
> I'm trying to get a more thorough understanding of the
> minimal-responses feature in order to do a risk assessment of
> enabling it in our build.
> 
> I've done some archeology and from what I can tell, commits 3471
> through 3473 are the total change. I could not find a bug referring
> to these commits.
> 
> Looking at the commits, I find this additional documentation in
> doc/REQUIREMENTS: +  The feature 'minimize responses' is included
> since NSD 3.2.9. +  NS RRsets that would go into the Authority
> section in positive +  responses are not considered REQUIRED and
> therefore will NOT lead +  to setting of the TC bit.
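
Review bot: the added doc/REQUIREMENTS text covers only NS RRsets in the Authority section of positive responses, while the release note for the same feature speaks of optional records in both the authority and additional sections and of a minimal response size. Consider stating in this paragraph whether optional additional-section records are likewise excluded from setting the TC bit, and referring to the size limits (512, 1480, 1220) at which the optional records are left out.
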
> 
> As I see it, my biggest risk of taking this feature is that I could
> possibly cause unexpected behavior in any client expecting this
> information, even though the spec says it's optional.
> 
> Are there any other issues I should consider?
> 
> Thanks, Todd
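
For a risk assessment like the one discussed above, a simplified model of the size rule in the quoted release notes, added here as an example; it is not NSD source code and not written by either poster. The function names, the RRset-level granularity, the reading of "does not exceed" as "size after adding the RRset" and the sample sizes are assumptions; the 512/1480/1220 values are the ones quoted above.

```python
# Simplified model (assumption, not NSD code) of the 3.2.9 minimal-responses rule.
NO_EDNS, EDNS_IPV4, EDNS_IPV6 = 512, 1480, 1220  # sizes quoted in the release notes


def minimal_response_size(edns_bufsize=None, ipv6=False):
    """Limit above which optional records are left out.

    edns_bufsize is None when the query carried no EDNS OPT record.
    """
    if edns_bufsize is None:
        return NO_EDNS
    return min(edns_bufsize, EDNS_IPV6 if ipv6 else EDNS_IPV4)


def assemble(base_size, required, optional, edns_bufsize=None, ipv6=False):
    """Pack RRsets given as (name, wire_size); return (included, size, tc).

    base_size is the header plus question section. REQUIRED RRsets are
    checked against the UDP payload limit and set TC when they do not fit.
    Optional RRsets are added only while the response stays within the
    minimal response size, and leaving them out never sets TC.
    """
    # UDP payload limit: 512 without EDNS, else the advertised buffer size
    # (sizes below 512 are treated as 512).
    hard_limit = NO_EDNS if edns_bufsize is None else max(NO_EDNS, edns_bufsize)
    soft_limit = minimal_response_size(edns_bufsize, ipv6)
    size, included = base_size, []
    for name, rr_size in required:
        if size + rr_size > hard_limit:
            return included, size, True  # truncated: client retries over TCP
        included.append(name)
        size += rr_size
    for name, rr_size in optional:
        if size + rr_size <= soft_limit:
            included.append(name)
            size += rr_size
    return included, size, False


if __name__ == "__main__":
    # Constructed sample sizes, not measured from a real zone.
    ns_and_glue = [("NS (authority)", 80), ("glue (additional)", 100)]
    print(assemble(40, [("A", 60)], ns_and_glue))
    print(assemble(40, [("DNSKEY", 1450)], ns_and_glue, edns_bufsize=4096))
    print(assemble(40, [("TXT", 600)], ns_and_glue))
```

The second case is the one relevant to the risk discussed in this thread: the client gets a complete answer with TC clear, but without the NS RRset or glue it might have received before 3.2.9.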
