[Unbound-users] EDNS fallback
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Fri Jun 26 12:53:32 UTC 2009
Hi Jakub,
Here is a patch that solves your problem; I'll look into a more
permanent fix.
The trouble is that unbound assumed that once an EDNS answer is
received, the path actually works for bufsize=4k answers. The
patch makes it reprobe once an answer starts to lag.
Thanks for the bug report!
(With that patch, unbound-host bidmc.harvard.edu produces the MX records
after 10 seconds.)
Best regards,
Wouter
Index: services/outside_network.c
===================================================================
--- services/outside_network.c (revision 1683)
+++ services/outside_network.c (working copy)
@@ -1234,7 +1234,7 @@
&edns_lame_known, &rtt))
return 0;
if(sq->status == serviced_initial) {
- if(edns_lame_known == 0 && rtt > 5000) {
+ if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
/* perform EDNS lame probe - check if server is
* EDNS lame (EDNS queries to it are dropped) */
verbose(VERB_ALGO, "serviced query: send probe to see "
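Review bot: the new upper bound `rtt < 10001` in the `serviced_initial` condition is a bare number with no explanation, and the comment below it still describes only the probe itself. Please extend that comment to say why the EDNS lame probe is skipped once rtt reaches 10001, and consider named constants for 5000 and 10001 so the window reads as a deliberate range. It would also help to state what happens next for a server with `edns_lame_known == 0` and an rtt at or above the bound, since that path is not visible in this hunk.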
@@ -1516,10 +1516,12 @@
} else if(sq->status == serviced_query_UDP_EDNS &&
!sq->edns_lame_known) {
/* now we know that edns queries received answers store that */
+ /*
if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
0, (uint32_t)now.tv_sec)) {
log_err("Out of memory caching edns works");
}
+ */
sq->edns_lame_known = 1;
}
if(now.tv_sec > sq->last_sent_time.tv_sec ||
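Review bot: the `infra_edns_update()` call is disabled by wrapping it in a block comment, which leaves the comment above it ("store that") describing something the code no longer does, while `sq->edns_lame_known = 1` is still set on the query. If a working EDNS answer should no longer be written to the infra cache, delete the call rather than commenting it out, and reword the comment to say the result is kept only on this serviced query and why. The out-of-memory `log_err` disappears with the call, so confirm nothing else relied on that cache entry being written here.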
On 06/26/2009 01:40 PM, Jakub Heichman wrote:
> Hello,
>
> I'm using unbound 1.3.0 and am unable to resolve MX record for (for
> example) bidmc.harvard.edu.
> I'm guessing that somewhere on the other side there might be a problem
> supporting DNS in UDP packets bigger than 512 bytes
>
> Asking the source:
>
> # dig +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
>
> ;<<>> DiG 9.2.4<<>> +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> # dig +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
>
> ;<<>> DiG 9.2.4<<>> +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30368
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 10
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;bidmc.harvard.edu. IN MX
>
> ;; ANSWER SECTION:
> bidmc.harvard.edu. 3600 IN MX 5 rattlesnake2.caregroup.org.
> [strip]
>
> However, from what I understood, in this case unbound would send a
> probe query with a sub-second timeout to see if the server responds
> without EDNS.
> Does the timeout apply to response time from the target nameserver, or
> the whole recursion time (which in my case takes more than a second)?
>
> Direct from source:
> # dig mx bidmc.harvard.edu @134.174.104.11 | grep time
> ;; Query time: 297 msec
>
> Recursion time from local Bind instance (on port 5300)
> # dig mx bidmc.harvard.edu @localhost -p5300 | grep time
> ;; Query time: 2241 msec
>
> Recursion from unbound:
> # dig mx bidmc.harvard.edu @localhost
> [..]
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63565
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> Thanks very much,
>