[nsd-users] authority section blocking aaaa additionals
cloos at jhcloos.com
Thu Aug 1 21:32:43 UTC 2013
>>>>> "WCAW" == W C A Wijngaards <wouter at nlnetlabs.nl> writes:
WCAW> This is because NSD uses a UDP size limit of 1480 (IPv4) and 1220
WCAW> (IPv6). And this is how it truncates the messages. This is why on
WCAW> IPv6 you get less data. And the additional AAAA records do not fit
WCAW> within this limit.
WCAW> If you do not want this, use ./configure --disable-minimal-responses
WCAW> and then it'll use 4096 like you thought you wanted.
>> Without dnssec, of course, everything fits.
WCAW> It is the size.
Yes, That was my point.
I'd still prefer to eliminate the AUTH data; the resolvers already have
a verified set of NS RRs from the parent zone; the ADDITIONAL data is
much more valuable to them, as it avoids additional(☺) round trips.
Aside from this, it is great. And uses *much* less VM than power.
(75+70+70 Mo allocated instead of 122 Mo + 1.2 Go!) Much smoother
on a ram-challenged vps.
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the nsd-users