[nsd-users] authority section blocking aaaa additionals

James Cloos cloos at jhcloos.com
Thu Aug 1 21:32:43 UTC 2013

>>>>> "WCAW" == W C A Wijngaards <wouter at nlnetlabs.nl> writes:

WCAW> This is because NSD uses a UDP size limit of 1480 (IPv4) and 1220
WCAW> (IPv6).  And this is how it truncates the messages.  This is why on
WCAW> IPv6 you get less data.  And the additional AAAA records do not fit
WCAW> within this limit.

WCAW> If you do not want this, use ./configure --disable-minimal-responses
WCAW> and then it'll use 4096 like you thought you wanted.

>> Without dnssec, of course, everything fits.

WCAW> It is the size.

Yes, That was my point.

I'd still prefer to eliminate the AUTH data; the resolvers already have
a verified set of NS RRs from the parent zone; the ADDITIONAL data is
much more valuable to them, as it avoids additional(☺) round trips. 

Aside from this, it is great.  And uses *much* less VM than power.
(75+70+70 Mo allocated instead of 122 Mo + 1.2 Go!)  Much smoother
on a ram-challenged vps.

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the nsd-users mailing list