[nsd-users] Unexpected responses to ANY queries over TCP
Anand Buddhdev
anandb at ripe.net
Thu May 7 10:13:24 UTC 2020
Hi folks,
This question is directed mainly at the NSD developers, but I'm posting
it here for knowledge sharing.
NSD, with default settings, returns a partial response to ANY queries,
whether the queries are made over UDP or TCP. I did not expect this.
I went through all the release notes, and found this:
4.1.27
================
FEATURES:
- Deny ANY with only one RR in response, by default. Patch from
Daisuke Higashi. The deny-any statement in nsd.conf sets ANY
queries over UDP to be further moved to TCP as well.
Also no additional section processing for type ANY, reducing
the response size.
My expectation is that it's fine to return a partial response over UDP.
But, over TCP, I should get all the records at the queried qname. I
don't understand why NSD chooses to return a partial response over TCP.
What is the reasoning behind this?
In contrast, other servers like BIND and Knot>=2.9.4 make a distinction
between ANY queries received over UDP versus TCP. Over UDP, they return
a partial response. Over TCP, they do return all the records.
Regards,
Anand Buddhdev
RIPE NCC
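
To compare the two transports described in the message above on a server you operate, the sketch below sends the same ANY query over UDP and over TCP and lists the RR types in each answer section. It is an added example, not part of the original post or of NSD; the function names, port 53 over IPv4 and the constructed sample response are assumptions.

```python
import socket
import struct

def build_query(qname, qtype=255, qid=0x1234):
    """Wire-format query for qname, class IN; qtype 255 is ANY."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def answer_types(msg):
    """Return (TC flag, RR types in the answer section) of a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return bool(flags & 0x0200), types

def ask_any(server, qname, tcp, timeout=3.0):
    """Send one ANY query to server:53 over UDP or TCP and summarise the reply."""
    query = build_query(qname)
    if not tcp:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return answer_types(s.recvfrom(4096)[0])
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)   # 2-byte length prefix
        stream = s.makefile("rb")
        (length,) = struct.unpack("!H", stream.read(2))
        return answer_types(stream.read(length))

# Constructed sample: a response carrying a single A record for example.com.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
          + build_query("example.com")[12:] + b"\xc0\x0c"
          + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1]))
```

Calling ask_any(server, qname, tcp=False) and ask_any(server, qname, tcp=True) against the same name shows whether the TCP answer carries more RR types than the UDP one.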