[nsd-users] Unexpected responses to ANY queries over TCP

Anand Buddhdev anandb at ripe.net
Thu May 7 10:13:24 UTC 2020


Hi folks,

This question is directed mainly at the NSD developers, but I'm posting 
it here for knowledge sharing.

NSD with default settings, returns a partial response to ANY queries, 
whether the queries are made over UDP or TCP. I did not expect this.

I went through all the release notes, and found this:

4.1.27
================
FEATURES:
         - Deny ANY with only one RR in response, by default.  Patch from
           Daisuke Higashi.  The deny-any statement in nsd.conf sets ANY
           queries over UDP to be further moved to TCP as well.
           Also no additional section processing for type ANY, reducing
           the response size.

My expectation is that it's fine to return a partial response over UDP. 
But, over TCP, I should get all the records at the queried qname. I 
don't understand why NSD chooses to return a partial response over TCP. 
What is the reasoning behind this?

In contrast, other servers like BIND and Knot>=2.9.4 make a distinction 
between ANY queries received over UDP versus TCP. Over UDP, they return 
a partial response. Over TCP, they do return all the records.

Regards,
Anand Buddhdev
RIPE NCC


More information about the nsd-users mailing list