[dns-operations] Unexpected truncation
Unbitrium
unbitrium at unbitrium.co.uk
Sun Apr 3 17:13:57 UTC 2011
~# dig root-servers.net @a.gtld-servers.net +dnssec +ignore
; <<>> DiG 9.6-ESV-R4 <<>> root-servers.net @a.gtld-servers.net +dnssec +ignore
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33151
;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 16, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;root-servers.net. IN A
;; AUTHORITY SECTION:
root-servers.net. 172800 IN NS a.root-servers.net.
root-servers.net. 172800 IN NS h.root-servers.net.
root-servers.net. 172800 IN NS c.root-servers.net.
root-servers.net. 172800 IN NS g.root-servers.net.
root-servers.net. 172800 IN NS f.root-servers.net.
root-servers.net. 172800 IN NS b.root-servers.net.
root-servers.net. 172800 IN NS j.root-servers.net.
root-servers.net. 172800 IN NS k.root-servers.net.
root-servers.net. 172800 IN NS l.root-servers.net.
root-servers.net. 172800 IN NS m.root-servers.net.
root-servers.net. 172800 IN NS i.root-servers.net.
root-servers.net. 172800 IN NS e.root-servers.net.
root-servers.net. 172800 IN NS d.root-servers.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 -
A25R64HGRKT76GSK0JS1PNJ44MEELOJ6 NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400
20110410132541 20110403121541 3980 net.
DQAaquKB8zgUz9fobtOwae2VlSIn8APdLYfQrOH4kV3Nr2fmkc9TFtTf
lkaKzR7STXBLKfO+lcqUC9Gj7rHi92Ix1cpa9GJUymPOfyAf1cNs1DN4
WVlkk+JsYHOy0hZLvV+YUMYj5P3oNcUsGFn5tEBFVAbj5whGk4rVTH2m R+Q=
T22QBPLSKNM5R7N5JOT6FOK8FANM08DS.net. 86400 IN NSEC3 1 1 0 -
T3EJ3HFMUU4E60CM9FQO4IKTUGV00JCH NS DS RRSIG
;; Query time: 95 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Sun Apr 3 18:37:40 2011
;; MSG SIZE rcvd: 575
According to the response their maximum packet size is set to 512;
however, the packet is actually being truncated at 575 bytes (with the
tc flag set).
This is where it gets weird:
~# dig gtld-servers.net @a.gtld-servers.net +dnssec
; <<>> DiG 9.6-ESV-R4 <<>> gtld-servers.net @a.gtld-servers.net +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64396
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 12, ADDITIONAL: 11
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;gtld-servers.net. IN A
;; AUTHORITY SECTION:
gtld-servers.net. 172800 IN NS a2.gtld-servers.net.
gtld-servers.net. 172800 IN NS c2.gtld-servers.net.
gtld-servers.net. 172800 IN NS d2.gtld-servers.net.
gtld-servers.net. 172800 IN NS e2.gtld-servers.net.
gtld-servers.net. 172800 IN NS f2.gtld-servers.net.
gtld-servers.net. 172800 IN NS g2.gtld-servers.net.
gtld-servers.net. 172800 IN NS h2.gtld-servers.net.
gtld-servers.net. 172800 IN NS l2.gtld-servers.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 -
A25R64HGRKT76GSK0JS1PNJ44MEELOJ6 NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400
20110410132541 20110403121541 3980 net.
DQAaquKB8zgUz9fobtOwae2VlSIn8APdLYfQrOH4kV3Nr2fmkc9TFtTf
lkaKzR7STXBLKfO+lcqUC9Gj7rHi92Ix1cpa9GJUymPOfyAf1cNs1DN4
WVlkk+JsYHOy0hZLvV+YUMYj5P3oNcUsGFn5tEBFVAbj5whGk4rVTH2m R+Q=
5PJOBKDL45DEF5CS8P4CUL9SF2DEP7S9.net. 86400 IN NSEC3 1 1 0 -
5QPMJFAGON3NFJU5RA5SQ9SHJ30VOTI3 NS DS RRSIG
5PJOBKDL45DEF5CS8P4CUL9SF2DEP7S9.net. 86400 IN RRSIG NSEC3 8 2 86400
20110410145932 20110403134932 3980 net.
KomB6OqJsKzLCDOQJwD33hknUDQbuTSwssms6UJfYhd8LOaZBiEyFsej
ESzGGWHCJXbvWDh018RRuCqtW+PNV2f7zLyLeBYev3cKqNwTz3grKqsS
GW9iJnMjawHiXThyx/biZHuG8PWQuossGRnJ2y90WDzyccV1r/o5oFec tmU=
;; ADDITIONAL SECTION:
a2.gtld-servers.net. 172800 IN A 192.5.6.31
a2.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:31
c2.gtld-servers.net. 172800 IN A 192.26.92.31
c2.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::2:31
d2.gtld-servers.net. 172800 IN A 192.31.80.31
e2.gtld-servers.net. 172800 IN A 192.12.94.31
f2.gtld-servers.net. 172800 IN A 192.35.51.31
g2.gtld-servers.net. 172800 IN A 192.42.93.31
h2.gtld-servers.net. 172800 IN A 192.54.112.31
l2.gtld-servers.net. 172800 IN A 192.41.162.31
;; Query time: 99 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Sun Apr 3 18:38:14 2011
;; MSG SIZE rcvd: 850
850-byte reply not truncated (also claiming a maximum packet size of
512 bytes). Off of the top of my head I can't think of any other zones
with lots of name servers to test against, but my first guess looking
at this very limited data would be that they truncate responses over
~1k, but when truncating they limit the reply to "512 + finish the
current record" bytes or something similar?
Nothing really "wrong" as such - the reply was over the packet size
limit so they sent a truncated reply and you retried over TCP to get
the full response, as should happen. The only thing odd seems to be
the response indicating the limit as 512 bytes when clearly it's not,
and the weird truncation behaviour (although I guess that's not too
important if it knows the resolver will retry over TCP anyway). It's
an improvement over a 512 byte packet limit, but not quite as good as
a 4k packet limit. :)
For completeness' sake I also tested requests with maximum packet sizes
lower than the size of the returned data, and it truncated properly
(except for the root-servers.net domain, which did the same 575-byte
response for anything allowing replies over 575 bytes).
~# dig gtld-servers.net @a.gtld-servers.net +dnssec +bufsize=600
+noauthority +noadditional +noquestion +ignore
; <<>> DiG 9.6-ESV-R4 <<>> gtld-servers.net @a.gtld-servers.net
+dnssec +bufsize=600 +noauthority +noadditional +noquestion +ignore
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61799
;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 11, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; Query time: 95 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Sun Apr 3 18:57:40 2011
;; MSG SIZE rcvd: 503
~# dig gtld-servers.net @a.gtld-servers.net +dnssec +bufsize=700
+noauthority +noadditional +noquestion +ignore
; <<>> DiG 9.6-ESV-R4 <<>> gtld-servers.net @a.gtld-servers.net
+dnssec +bufsize=700 +noauthority +noadditional +noquestion +ignore
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5307
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 12, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; Query time: 99 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Sun Apr 3 18:58:26 2011
;; MSG SIZE rcvd: 698
- Mike
On 3 April 2011 16:33, George Barwood <george.barwood at blueyonder.co.uk> wrote:
> dig a.root-servers.net @a.gtld-servers.net +dnssec
>
> is truncating, even though the response size is only 1170 bytes after TCP retry.
>
> This seems odd to me.
>
> George
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
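The inconsistency Mike describes (tc set, OPT record advertising 512, 575 bytes actually received) can be checked mechanically from the wire format: the TC bit lives in the header flags, the advertised UDP payload size is the CLASS field of the OPT pseudo-RR, and the message length is simply what arrived. The script below is an added example, not part of the original thread or of any dig/BIND code; it parses a response (including compression pointers), reports those three facts, and gives a verdict. The sample messages it analyses are constructed inline to mimic the referral shape seen above, so it runs offline without querying any server.

```python
"""Added example (not from the original post): parse a DNS response and check
whether its TC flag, its size and the UDP payload size advertised in the EDNS
OPT record agree.  All messages below are constructed inline."""
import struct

EDNS_OPT = 41      # OPT pseudo-RR type (RFC 6891)
TC_FLAG = 0x0200   # TrunCation bit in the DNS header flags
DO_FLAG = 0x8000   # DNSSEC OK bit in the OPT TTL field


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name at off.

    Returns (name, offset just past the name as it appears in this record).
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            if end is None:
                end = off + 2                      # record continues after the pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def analyze_response(msg: bytes) -> dict:
    """Return header/EDNS facts and a verdict on truncation consistency."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    udp_size = do_bit = None
    for _ in range(an + ns + ar):
        _, off = _read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == EDNS_OPT:
            udp_size = rclass                      # CLASS carries the UDP payload size
            do_bit = bool(ttl & DO_FLAG)
        off += rdlen
    tc = bool(flags & TC_FLAG)
    size = len(msg)
    if udp_size is None:
        verdict = "no OPT record; classic 512-byte UDP limit applies"
    elif tc and size > udp_size:
        verdict = "truncated, yet already larger than advertised UDP size"
    elif not tc and size > udp_size:
        verdict = "not truncated, yet larger than advertised UDP size"
    elif tc:
        verdict = "truncated within advertised UDP size; retry over TCP"
    else:
        verdict = "consistent"
    return {"id": ident, "tc": tc, "do": do_bit, "udp_size": udp_size,
            "size": size, "well_formed": off == size, "verdict": verdict}


def _encode_name(name: str) -> bytes:
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"


def build_response(qname: str, ns_targets, tc: bool, udp_size: int) -> bytes:
    """Construct a referral-style response: question, NS RRs in AUTHORITY, OPT RR.
    This is a constructed sample, not a capture from any real server."""
    flags = 0x8000 | (TC_FLAG if tc else 0)       # QR set, RCODE NOERROR
    hdr = struct.pack("!6H", 0x1234, flags, 1, 0, len(ns_targets), 1)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)   # A, IN
    owner = struct.pack("!H", 0xC000 | 12)         # pointer to QNAME at offset 12
    authority = b""
    for target in ns_targets:
        rdata = _encode_name(target)
        authority += owner + struct.pack("!HHIH", 2, 1, 172800, len(rdata)) + rdata
    opt = b"\x00" + struct.pack("!HHIH", EDNS_OPT, udp_size, DO_FLAG, 0)
    return hdr + question + authority + opt


if __name__ == "__main__":
    targets = [f"{c}.root-servers.net." for c in "abcdefghijklmnop"]
    for tc in (True, False):
        print(analyze_response(build_response("root-servers.net.", targets, tc, 512)))
```

With sixteen NS records the constructed message is 557 bytes, so the two runs in the main block reproduce both observations from the post: a truncated reply that is already past the advertised 512, and an untruncated one that also exceeds it. Feeding the function a real capture (the raw UDP payload, for example from a packet trace) works the same way; a well-formed truncated reply still parses cleanly because servers drop whole records, and `well_formed` going false would indicate a reply cut mid-record instead.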