[Unbound-users] EDNS fallback
Jakub Heichman
kuba.heichman at gmail.com
Fri Jun 26 14:13:56 UTC 2009
Hi Wouter,
Thanks - I have tried your patch and I get the MX records when used
with unbound-host. However unbound doesnt seem to be returning these
MX records when I use dig/other DNS lookup tools:
# dig mx bidmc.harvard.edu @localhost
; <<>> DiG 9.3.3rc2 <<>> mx bidmc.harvard.edu @localhost
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bidmc.harvard.edu. IN MX
;; Query time: 3653 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 26 14:53:41 2009
;; MSG SIZE rcvd: 35
Thanks again,
Jakub
2009/6/26 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
> Hi Jakub,
>
> Here is a patch that solves your problem, I'll look into a more permanent
> fix.
>
> The trouble is that unbound assumed, that once an EDNS answer is received,
> then, the path actually works for bufsize=4k answers. The patch makes it
> reprobe once an answer starts to lag.
>
> Thanks for the bugreport!
>
> (With that patch, unbound-host bidmc.harvard.edu produces the MX records
> after 10 seconds.)
>
> Best regards,
> Wouter
>
>
> Index: services/outside_network.c
> ===================================================================
> --- services/outside_network.c (revision 1683)
> +++ services/outside_network.c (working copy)
> @@ -1234,7 +1234,7 @@
> &edns_lame_known, &rtt))
> return 0;
> if(sq->status == serviced_initial) {
> - if(edns_lame_known == 0 && rtt > 5000) {
> + if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
> /* perform EDNS lame probe - check if server is
> * EDNS lame (EDNS queries to it are dropped) */
> verbose(VERB_ALGO, "serviced query: send probe to see
> "
> @@ -1516,10 +1516,12 @@
> } else if(sq->status == serviced_query_UDP_EDNS &&
> !sq->edns_lame_known) {
> /* now we know that edns queries received answers store that
> */
> + /*
> if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
> 0, (uint32_t)now.tv_sec)) {
> log_err("Out of memory caching edns works");
> }
> + */
> sq->edns_lame_known = 1;
> }
> if(now.tv_sec > sq->last_sent_time.tv_sec ||
>
>
> On 06/26/2009 01:40 PM, Jakub Heichman wrote:
>>
>> Hello,
>>
>> I'm using unbound 1.3.0 and am unable to resolve MX record for (for
>> example) bidmc.harvard.edu.
>> I'm guessing that somewhere on the other side there might be a problem
>> supporting DNS in UDP packets bigger that 512 bytes
>>
>> Asking the source:
>>
>> # dig +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
>>
>> ;<<>> DiG 9.2.4<<>> +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; connection timed out; no servers could be reached
>>
>>
>> # dig +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
>>
>> ;<<>> DiG 9.2.4<<>> +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30368
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 10
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;bidmc.harvard.edu. IN MX
>>
>> ;; ANSWER SECTION:
>> bidmc.harvard.edu. 3600 IN MX 5
>> rattlesnake2.caregroup.org.
>> [strip]
>>
>> However, from what I understood, in this case unbound would send a
>> probe query with a sub-second timeout to see if the server responds
>> without EDNS.
>> Does the timeout apply to response time from the target nameserver, or
>> the whole recursion time (which in my case takes more that a second)?
>>
>> Direct from source:
>> # dig mx bidmc.harvard.edu @134.174.104.11 | grep time
>> ;; Query time: 297 msec
>>
>> Recursion time from local Bind instance (on port 5300)
>> # dig mx bidmc.harvard.edu @localhost -p5300 | grep time
>> ;; Query time: 2241 msec
>>
>> Recursion from unbound:
>> # dig mx bidmc.harvard.edu @localhost
>> [..]
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63565
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> Thanks very much,
>>
>
>
--
Kuba Heichman
More information about the Unbound-users
mailing list