[dns-operations] latest bind, EDNS & TCP

Simon Munton Simon.Munton at cdns.net
Fri Oct 10 13:53:38 UTC 2014

Recently, some servers seem to be only using bufsize=512 and so, for 
signed zones, always falling back to TCP. This seemed to start about 
11th Sep, but got significantly worse after the 6th Oct.

I seem to remember someone saying that the latest version of bind starts 
with bufsize=512, but presumably it will learn a larger bufsize 
capability, if declared by the responding server?

Despite us replying with bufsize=4096, all queries from certain hosts 
always come with bufsize=512 and so, if the zone is signed (as are most 
ccTLDs we carry), the query is always immediately re-issued over TCP.

The consequence is that this has vastly increased the number of TCP 
queries we now get.

I have tried unsuccessfully to reproduce this behaviour, but the fact 
remains that very recently a number of EDNS0/DNSSEC capable servers have 
started always using bufsize=512 and so repeating every single query (to 
any signed zone) over TCP.

Obviously this has the potential to vastly increase the load on TLD name 
servers over time.

Is anyone else seeing this?
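
One way an operator could check their own query records for the pattern described in this message (clients that only ever advertise bufsize=512 and repeat each UDP query over TCP), as an added example that is not part of the original post. The record layout, the 2-second retry window and the function names are assumptions, and the sample records are constructed using documentation address ranges.

```python
from collections import defaultdict

# Constructed sample records (an assumed layout, not any real server's log format):
# time_s client transport qname qtype edns_bufsize ("-" for TCP queries)
SAMPLE_LOG = """\
0.000 192.0.2.10 udp example.tld. DNSKEY 512
0.004 192.0.2.10 tcp example.tld. DNSKEY -
1.200 192.0.2.10 udp www.example.tld. A 512
1.205 192.0.2.10 tcp www.example.tld. A -
2.000 198.51.100.7 udp example.tld. DNSKEY 4096
2.500 198.51.100.7 udp www.example.tld. A 4096
3.000 203.0.113.5 udp example.tld. SOA 512
3.100 203.0.113.5 udp example.tld. NS 4096
3.900 203.0.113.5 udp example.tld. DNSKEY 4096
"""

RETRY_WINDOW_S = 2.0  # assumption: TCP query this soon after the UDP one is a retry


def summarize(log_text):
    """Per client: UDP query count, advertised sizes, UDP queries retried over TCP."""
    stats = defaultdict(lambda: {"udp": 0, "sizes": set(), "tcp_retries": 0})
    last_udp = {}  # (client, qname, qtype) -> time of the most recent UDP query
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, transport, qname, qtype, bufsize = line.split()
        key = (client, qname.lower(), qtype)
        if transport == "udp":
            stats[client]["udp"] += 1
            stats[client]["sizes"].add(int(bufsize))
            last_udp[key] = float(ts)
        elif key in last_udp and float(ts) - last_udp.pop(key) <= RETRY_WINDOW_S:
            stats[client]["tcp_retries"] += 1
    return dict(stats)


def stuck_at_512(stats, min_queries=2):
    """Clients that never advertised more than 512 and retried every UDP query."""
    return sorted(
        c for c, s in stats.items()
        if s["udp"] >= min_queries and s["sizes"] == {512}
        and s["tcp_retries"] == s["udp"]
    )


if __name__ == "__main__":
    for client in stuck_at_512(summarize(SAMPLE_LOG)):
        print(client)
```

The third constructed client starts at 512 and then advertises 4096, so it is not reported; only a client that stays at 512 and retries every query over TCP is.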
