[dns-operations] NS1 nameservers response size

Jan Včelák jv at fcelda.cz
Fri May 24 12:10:44 UTC 2019


Hello.

OK. That is a fair reason to drop fragments. I will check if we can get it
fixed soon. Please keep the fallback to TCP for now, which should always work.

Sorry for the trouble and thanks for bringing it up.

Jan (NS1)

On Fri, May 24, 2019 at 13:55, Manabu Sonoda <manabu-s at iij.ad.jp> wrote:

> Hello Jan,
>
>
> We failed to resolve this name
> because our full resolvers are set to a buffer size of 1220 bytes and
> drop fragmented UDP packets to protect against fragment attacks.
> (see: draft-fujiwara-dnsop-fragment-attack-01)
>
> Now we resolve this name by TCP only.
> It is fine.
>
>
> --
> Manabu Sonoda <manabu-s at iij.ad.jp>
> Internet Initiative Japan Inc.
>
> On 2019/05/24 20:10
> Jan Včelák <jv at fcelda.cz> wrote:
>
> Hello,
>
> I can confirm we do not respect the buffer size. We are aware of this
> deficiency but it also doesn't have high priority at the moment.
>
> Have you encountered a situation where it has been causing trouble for a
> real application? Or is this an accidental discovery?
>
> Jan (NS1)
>
> On Fri, May 24, 2019 at 12:19, Manabu Sonoda <manabu-s at iij.ad.jp> wrote:
>
>> Does NS1 not implement the EDNS0 buffer size?
>> Do they plan to implement it?
>>
>> ( Close eyes bad rdata....)
>>
>> dig @dns2.p07.nsone.net globalsign.com txt +bufsize=512
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @
>> dns2.p07.nsone.net globalsign.com txt +bufsize=512
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11262
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1
>> ;; WARNING: recursion requested but not available
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ; globalsign.com .                        IN      TXT
>>
>> ;; ANSWER SECTION:
>> globalsign.com .         300     IN      TXT     "MS=ms71622826"
>> globalsign.com .         300     IN      TXT
>>  "aoLxrQBK4FSoQsQVxk8Oh0QqDIiILef/m6EwZTmpg1M="
>> globalsign.com .         300     IN      TXT
>>  "cH2cwv2lMzoxbrhQDsfB7LDv/Jsu2TDDZSQznoA/H1rtSih8CLKju0RZrRDahPyMLM4ZYA8sGijs561ll2AZPw=="
>> globalsign.com .         300     IN      TXT
>>  "eBPD7w6DE9vYNPwczqepRahUkUAkBw5qxW7qsAOd+ig="
>> globalsign.com .         300     IN      TXT
>>  "google-site-verification=gtfgX6oja-rl-TcVUtRidcodGC-4xwiVrFdhz2Njuo0"
>> globalsign.com .         300     IN      TXT
>>  "pardot_341121_*=1f62b656fc75f01e2dbf46962f3df567f9435270c2ac313c6587c4bbef258d0f"
>> globalsign.com .         300     IN      TXT     "v=DKIM1\;k=rsa\;
>> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1vhugV30ayqwRy2mu+m6QyxvdVtHee/ChrUqtrPflazjf3LfuGryocUGTZ66DsHZeTpjqdcRRXms1+xpVsqqeiXipw4jNPwx9VpyIyg0suI/2QYsIjKyj0OFYWe22Ilgp/zjXXJUxJ4fTqT5ae0cAX5u3GNsj6dA8u9n3atIlIwIDAQAB"
>> globalsign.com .         300     IN      TXT
>>  "v=DKIM1\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzTQa7JyCBCGKvGz3/6F2vf5dXWZKOD4y56gizEWfUITZ/OvV4VYxCUAAD6JicyyPg+SjweyBcRNBVb+oaZ4NiCvCu2Pci5UIOZZwZn45XRFTpLnj/bTJE5elcmXvf2LytUQlGcM4N9qjzGlb4qdohLghBvRaQ+YpXK+Nrg6UokQIDAQAB"
>> globalsign.com .         300     IN      TXT
>>  "v=DKIM1\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL/t1pilYMRJcrBcyXuRdNmdpN1fnF0cC6eI34BAw7w8YW1cwH14MjbhtX6QrWhrpGFGDZOzEv3BSA8MXWNMxInJtppacMoSB2ZCRwWe4d0Hk0uklh5g5iydksSAwf+GK8YJEj9UPDJx6/y7zQytjWee9s4n2ABSGpDCMMdJkFBQIDAQAB"
>> globalsign.com .         300     IN      TXT
>>  "v=DMARC1\;p=reject\;rua=mailto: dmarc at globalsign.com "
>> globalsign.com .         300     IN      TXT     "v=spf1 ip4:
>> 114.179.250.0/30 ip4: 211.123.204.251/32 ip4: 27.121.42.215/32 ip4:
>> 211.11.149.164/32 include: spf.protection.outlook.com include:_
>> spf.salesforce.com include: spf-bma.mpme.jp include:_ spf.act-on.net
>> include:es._ spf.adp.com -all"
>> globalsign.com .         300     IN      TXT
>>  "yandex-verification:e54a3279b05955ba"
>>
>> ;; Query time: 3 msec
>> ;; SERVER: 198.51.45.7#53(198.51.45.7)
>> ;; WHEN: Fri May 24 18:48:31 2019
>> ;; MSG SIZE  rcvd: 1551
>>
>> --
>> Manabu Sonoda < manabu-s at iij.ad.jp >
>> Internet Initiative Japan Inc.
>>
>
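Added example (not part of the original thread, and not NS1 or IIJ code): a minimal Python check of the behaviour discussed above, namely whether a UDP response stays within the EDNS0 buffer size the query advertised or sets TC so the client retries over TCP. The function names and the zero-padded sample responses are constructed for illustration; only the 512 and 1220 byte buffer sizes and the 1551 byte response size come from the thread.

```python
import struct

TC_FLAG = 0x0200      # truncation bit in the DNS header flags word
OPT_TYPE = 41         # EDNS0 OPT pseudo-record type (RFC 6891)

def build_query(name, qtype=16, bufsize=1220, txid=0x2BFE):
    """Build a DNS query (default TXT) whose OPT record advertises `bufsize`."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1)   # QDCOUNT=1, ARCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, bufsize, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at `pos`."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return pos + 2
        pos += 1 + n

def advertised_bufsize(query):
    """UDP payload size the query allows; 512 without OPT or if OPT says less."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(query, pos) + 4               # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == OPT_TYPE:
            return max(rclass, 512)
        pos += 10 + rdlen
    return 512

def classify(query, response):
    """'oversize' = server ignored the limit; 'truncated' = retry over TCP."""
    flags = struct.unpack("!H", response[2:4])[0]
    if len(response) > advertised_bufsize(query):
        return "oversize"
    return "truncated" if flags & TC_FLAG else "ok"

def fake_response(size, flags=0x8400, txid=0x2BFE):
    """Constructed sample: real header, zero padding instead of records."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0).ljust(size, b"\x00")
```

Feeding `classify` the bytes received on a UDP socket instead of `fake_response` turns this into a live check against an authoritative server.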