[nsd-users] I want to send larger responses (more glue)

W.C.A. Wijngaards wouter at nlnetlabs.nl
Wed May 4 08:32:51 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Stephane,

On 04/05/16 10:26, Stephane Bortzmeyer wrote:
> I manage a DNS Yeti <http://yeti-dns.org/> root name server and,
> for experimental purposes, we now have 23 root name servers. But
> NSD does not send the glue for all of them:
> 
> % dig @dahu1.yeti.eu.org NS .
> 
> ; <<>> DiG 9.9.5-12.1-Debian <<>> @dahu1.yeti.eu.org NS . ; (1
> server found) ;; global options: +cmd ;; Got answer: ;;
> ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 368 ;; flags: qr
> aa rd; QUERY: 1, ANSWER: 24, AUTHORITY: 0, ADDITIONAL: 12 ;;
> WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;;
> QUESTION SECTION: ;.			IN NS
> 
> ;; ANSWER SECTION: .			86400 IN NS bii.dns-lab.net. .			86400 IN NS
> yeti.bofh.priv.at. .			86400 IN NS yeti.ipv6.ernet.in. .			86400 IN
> NS yeti.aquaray.com. .			86400 IN NS dahu1.yeti.eu.org. .			86400
> IN NS dahu2.yeti.eu.org. .			86400 IN NS ns-yeti.bondis.org. .
> 86400 IN NS yeti-ns.ix.ru. .			86400 IN NS yeti-ns.lab.nic.cl. .
> 86400 IN NS yeti-ns.tisf.net. .			86400 IN NS yeti-ns.wide.ad.jp. .
> 86400 IN NS yeti-ns.conit.co. .			86400 IN NS yeti-ns.switch.ch. .
> 86400 IN NS yeti-ns.as59715.net. .			86400 IN NS
> yeti-ns1.dns-lab.net. .			86400 IN NS yeti-ns2.dns-lab.net. .
> 86400 IN NS yeti-ns3.dns-lab.net. .			86400 IN NS
> yeti-dns01.dnsworkshop.org. .			86400 IN NS
> 18ac3e7343f016890c510e93f93526.yeti-dns.net. .			86400 IN NS
> 2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. .			86400 IN NS
> 3e23e8160039594a33894f6564e1b1.yeti-dns.net. .			86400 IN NS
> 3f79bb7b435b05321651daefd374cd.yeti-dns.net. .			86400 IN NS
> ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. .			86400 IN RRSIG NS
> 8 0 86400 ( 20160603050150 20160504050150 20454 . 
> oXf6MeGVkVFcWu7iUdfx06LuD6CPGSpzJDpPc38hactA 
> 3fm9oIQ7K2vySs4V+xd4FXEwLML2jq0LlvZ9/bt8hDJM 
> jXvF/6wszHu7i900Rtf+CpGt7cYe/yCuEVTJwNogpsyU 
> v0xFs4LlpfVWYouMKG5uOUBu4qHOiR4R2ibqmZw= )
> 
> ;; ADDITIONAL SECTION: bii.dns-lab.net.	86400 IN AAAA
> 240c:f:1:22::6 yeti.bofh.priv.at.	86400 IN AAAA
> 2a01:4f8:161:6106:1::10 yeti.ipv6.ernet.in.	86400 IN AAAA
> 2001:e30:1c1e:1::333 yeti.aquaray.com.	86400 IN AAAA
> 2a02:ec0:200::1 dahu1.yeti.eu.org.	86400 IN AAAA
> 2001:4b98:dc2:45:216:3eff:fe4b:8c5b dahu2.yeti.eu.org.	86400 IN
> AAAA 2001:67c:217c:6::2 ns-yeti.bondis.org.	86400 IN AAAA
> 2a02:2810:0:405::250 yeti-ns.ix.ru.		86400 IN AAAA
> 2001:6d0:6d06::53 yeti-ns.lab.nic.cl.	86400 IN AAAA
> 2001:1398:1:21::8001 yeti-ns.tisf.net.	86400 IN AAAA
> 2001:559:8000::6 yeti-ns.wide.ad.jp.	86400 IN AAAA
> 2001:200:1d9::35
> 
> ;; Query time: 22 msec ;; SERVER:
> 2001:4b98:dc2:45:216:3eff:fe4b:8c5b#53(2001:4b98:dc2:45:216:3eff:fe4b:
8c5b)
>
> 
;; WHEN: Wed May 04 10:24:16 CEST 2016
> ;; MSG SIZE  rcvd: 1222
> 
> 
> The EDNS buffer size of the server is 4096 bytes:
> 
> % grep ipv6-edns /etc/nsd/nsd.conf ipv6-edns-size: 4096
> 
> How could I tell it to send all the glues when the EDNS buffer size
> is large enough? I do not find such an option in the
> documentation.

Try using --disable-minimal-responses for ./configure.

It is removing the optional additional section records that make the
packet above the fragmentation size.  That is enabled by default.

Best regards, Wouter

> 
> NSD 4.1.9, running on Linux 
> _______________________________________________ nsd-users mailing
> list nsd-users at NLnetLabs.nl 
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXKbOtAAoJEJ9vHC1+BF+N7ekP/RzWD1TPwcaoXhOXvyMz1JJw
qMbY82Npm9LOOGMqtf60MbfAOHCjdklGIJlaVdKpFrtuKbFZbhcE5EvQqkNxxWVL
phjqPmr+lQGxp5chOi9dx3xxgOYE6eicdAQCDgn0gEM1Q0oLbZKYPrwYH2odciMj
fbyXNgAKd+p6V3IJOjD71/DHKD1l5YStCjSnWwILlZTIdrkfGa5b7eDYYcqUu48D
9/PnNcJpRtuevsolVTo6fqfiwHZ3eRE/QfMeVljMO8rtiEwgLBVCIyHKILF3qToV
MZTT31aCOw9Xyxgu5k0DqRmzxOAsl9n6p2WV9KBuCeebtjlSmFYFP4K/QXt20Wh0
d+pjK1IXJaVB9EI+Rv2JC1G1kr8R3oguW8ZRWFqT43EvaqEMEF0A8MhNXynfVvyl
wOdYjd5yGIJu2EmoSx0uxS5hGTKOBaLKdUg9paT0l8WvB01IzTvL7N0pzfnkEFGm
vsJgVsIQz5TPjV9MMebXxlt3VDcrICSIS6N0uR0RxxgodlIiZbCokqgGN4NDE0UH
SvHyXeiSpJur7Xv45Sm7rtAzgZPqbD1KrtE8+fegKCQnuoQA6NNgO+bRdR3aCihH
0WXXQ0pu3KQRcESQCisUQBfmBMKVDBk6SFQ6a5E3iFTzNmJcyxOlybnNitZDuB96
OtdsI5u9qFnrjk5LUlxy
=BUaB
-----END PGP SIGNATURE-----

More information about the nsd-users mailing list