[dns-operations] Strange problem with fragmented DNS responses from b.iana-servers.net

Duane Wessels wessels at dns-oarc.net
Mon Dec 8 23:12:13 UTC 2008 

I've had some private replies with suggestions such as:

    - My money would be on a stateless perimeter firewall eating the UDP fragment

    - Is there a chance the fragments don't get the proper Ethernet padding?

    - What happens when you ping with large packets

These are good suggestions but don't explain why I get fragments from server 'C' but
not from server 'B' for only this one query name.

Also I did a quick ping test and was able to ping with all packet
sizes between 1400 and 1550.

Here is some tcpdump output that shows the problem:

First, note the lack of second fragment and retransmits:

  $ dig +bufsiz=2048 @b.iana-servers.net XN--9T4B11YI5A rrsig

22:17:44.160270 IP in1.63123 > b.domain:  48194+ [1au] Type46? XN--9T4B11YI5A. (43)
22:17:44.311876 IP b.domain > in1.63123:  48194*- 6/3/5 Type46, Type46, Type46, Type46, Type46, Type46 (1472)
22:17:49.160658 IP in1.63123 > b.domain:  48194+ [1au] Type46? XN--9T4B11YI5A. (43)
22:17:49.312475 IP b.domain > in1.63123:  48194*- 6/3/5 Type46, Type46, Type46, Type46, Type46, Type46 (1472)
22:17:54.161659 IP in1.63123 > b.domain:  48194+ [1au] Type46? XN--9T4B11YI5A. (43)
22:17:54.313509 IP b.domain > in1.63123:  48194*- 6/3/5 Type46, Type46, Type46, Type46, Type46, Type46 (1472)


Second, same query works fine when sent to server 'C':

  $ dig +bufsiz=2048 @c.iana-servers.net XN--9T4B11YI5A rrsig

22:18:01.395524 IP in1.60579 > c.domain:  38984+ [1au] Type46? XN--9T4B11YI5A. (43)
22:18:01.602067 IP c.domain > in1.60579:  38984*- 6/3/5 Type46, Type46, Type46, Type46, Type46, Type46 (1472)
22:18:01.602086 IP c > in1: udp


Third, note that I can receive and reassemble fragmented responses from server 'B'

  $ dig +bufsiz=2048 @b.iana-servers.net XN--HGBK6AJ7F53BBA rrsig

22:18:10.812872 IP in1.53545 > b.domain:  19457+ [1au] Type46? XN--HGBK6AJ7F53BBA. (47)
22:18:10.964034 IP b.domain > in1.53545:  19457*- 6/3/5 Type46, Type46, Type46, Type46, Type46, Type46 (1472)
22:18:10.964622 IP b > in1: udp

More information about the dns-operations mailing list