[nsd-users] Additional section and minimal responses
John Bond
nsd at johnbond.org
Tue May 10 17:48:15 UTC 2016
Hello All,
I'm looking at minimal responses and i wanted to get some input about
how it works. I understand that
" The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
1220 (EDNS/IPv6), or the advertised EDNS buffer size if that is
smaller than the EDNS default."
What i wanted to ask is how does the name server decided what parts of
the additional section is removed? For instance if the query came in
over IPv6 would nsd attempt to add AAAA glue before A glue. If the zone
is signed will it attempt to only add glue if it can also add the rrsig
record?
Finally i thought that you would have to include at lease on glue record
in the additional section otherwise a resolution is not possible.
However nsd will answer with an empty additional section even if all
labels in the NS set are in zone. Is this an error or have i missed
something?
I have set up an example.com zone on one of my server's to demonstrate
this. The following query produces no glue records in the additional
section.
dig ns example.com. @5.28.62.36 +bufsize=1440 +norec
increasing the bufsize does add additional glue until you get to 1.5k
at which point the hard limit in nsd kicks in. you can also see that no
glue is given over dnssec but the bufsize at this point is already over
the 1500 limit
dig +dnssec ns example.com. @5.28.62.36 +bufsize=1620 +norec
can also test this over ipv6 @2001:41c9:1:41c::36
thanks John
More information about the nsd-users
mailing list