[dns-operations] UDP fragmentation while not needed/wanted DS www.veilingzaalmelase.be

Thor Spruyt thor.spruyt at telenet.be
Wed Mar 24 18:51:53 UTC 2021


Hi,

DNS server @2a02:348:a1:bd32::1 seems to behave strangely.

$ dig -t DS www.veilingzaalmelase.be @2a02:348:a1:bd32::1 +edns=0 +bufsize=1452 +norecurse +dnssec

; <<>> DiG 9.11.4 <<>> -t DS www.veilingzaalmelase.be @2a02:348:a1:bd32::1 +edns=0 +bufsize=1452 +norecurse +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10024
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.veilingzaalmelase.be.      IN      DS

;; AUTHORITY SECTION:
veilingzaalmelase.be.   7200    IN      SOA     ns1.mijndnsserver.nl. hostmaster.veilingzaalmelase.be. 2021031001 28800 7200 2419200 86400
veilingzaalmelase.be.   7200    IN      RRSIG   SOA 8 2 7200 20210409093004 20210310093004 35055 veilingzaalmelase.be. Lxfkk00qbjQhrXql1xBf7D/0lR3O8NfWIf599kKstRSmVX0OT3L+JJeb Z4pcOuVCZbU7E938/p6krnQ1k68yPxMk+mGBV5y1fAF5aSX3cAXLQX z1nTwMS0jXNk0JEtak1CyGbIeyP3x0HDciewftW140khPjIh3rSA4tk+ X+GPCwg+G7zPagZOisLnTt+LFMTpfCDr0wlCPA+b8Ae778r7ry4KpPSx WbS1xz8NESasYt+H2qwq+MYVLjTA0jtIxztbAZ0WU1SrkEBU3CQtQ4 MndVpXNovbAqRy4XNUrw2yZ8j56mb1Lm6twc3mO4jz+LWMr2X6NDVfoM dknn5k0CJHFhXGoO1TlATAs15IPBjsZXMRaIxZCopjEphpE40VP31sea v8miQDhvbM+Kr49ZaHCo61qDbcaznHHVYQeTVGnkVnhYs6QJfjwFo7+I 8R1JHKF8v+qjcGLHKx3z0k6NPNqNoZaE3+nitKBltEj+L9wQ4HzHvF TTDiGv4oUITo8pVi3eceZIG9jYcx91obQgH02pNNiz0I+jnyQ27CLm1h 2Ei3lcIhK3xfjB6NVVnkKhHt0eHUC0QiQLEGXWfFZRV5glkpxaIikEIp 26ldVD8sr6z2JOoHfmaMG2x3QPel8Gc8YJpeoTCX7yw7uBPN2Rnq1y vLXVSGHLrN0=
www.veilingzaalmelase.be. 86400 IN      NSEC    veilingzaalmelase.be. A RRSIG NSEC
www.veilingzaalmelase.be. 86400 IN      RRSIG   NSEC 8 3 86400 20210409093004 20210310093004 35055 veilingzaalmelase.be. EIZCmD06nt9u2S6VHA+6J6o9IkSFNJRypDJ4SgEauyNRw/7ButbLqZrH 3nYJlqkt95NxCjifg36k60oCK0dI5Zp56wQVQU50au5FrlMBIfidOO DYt5u++iQ18QdiW9N8Lc0i0y3PWQKVGcEZLGrroOlc7nw1TX3oE9VOme WziFpdjVFYn+qEXNp8vHNyuKMwtIFDREHobU2wffClp//B0olWLrDUzi JClgxV+XZH8LawO2QCBsV9Ze2iJOkKPeUzcNXumQ3E3Tr0xMB6fAat xgAOzNN3dOOA+g4gYqzUfLtk8n4wHgP8IAAxqYn1e2blAlssgT8rMltR 8ZPQDcXLgexPj0aCe8rvUQhcHXQ7CyE/RuFt6uVOfrCLBv2USBmIn/OU RLMdoLLx+at8O+oKMjoq5lqh5SBdx0hygHehsVY7hXl+xSPitz6AUg9s tdTdGfF1FKekIk12Bg4DE+o69/7AewUCKCGQLz2+4aA7HjmszdteF8 GhE1QwgrD4MRAtMmz559q76UJ3WNp/FV8gU7KpXU9vJUuo3eCo9BFahi eyc39mBwwbIJSp02MizwnOfpGAUBzFe2NutuOYYrY8YozNvRJpWQkP1P Lm421cfgdhhSToZu966HmOaW/Wlg2lEofavdmT2V4CMMzFMGzyZOEe Zico4VaMVOM=

;; Query time: 8 msec
;; SERVER: 2a02:348:a1:bd32::1#53(2a02:348:a1:bd32::1)
;; WHEN: Wed Mar 24 19:33:04 CET 2021
;; MSG SIZE  rcvd: 1290

Packets:

$ sudo tcpdump -nn -p host 2a02:348:a1:bd32::1
19:33:04.426128 IP6 2a02:1111:1111::1.60034 > 2a02:348:a1:bd32::1.53: 10024 [1au] DS? www.veilingzaalmelase.be. (53)
19:33:04.434834 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (0|1232) 53 > 60034: 10024*- 0/4/1 (1224)
19:33:04.434846 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (1232|66)

So the server responds with 2 fragments, while there should be no reason for this.
It advertises a buffer size of 4096 in the response, so the response fits in 1 UDP packet.
Is my conclusion correct?

It is also strange that the first fragment has a size of 1232 ...

Thanks for any feedback,
Thor
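
Added example (not part of the original post): the arithmetic behind the two tcpdump fragment lines above, checked against dig's MSG SIZE and the +bufsize value the query sent. It assumes the Fragment header is the only IPv6 extension header present and that tcpdump's frag (offset|length) counts the bytes following that header; the function names are illustrative.

```python
import re

IPV6_HDR = 40        # fixed IPv6 header
FRAG_HDR = 8         # IPv6 Fragment extension header
UDP_HDR = 8
IPV6_MIN_MTU = 1280  # minimum link MTU every IPv6 link must support (RFC 8200)

# The two response lines from the tcpdump capture in the post.
CAPTURE = """\
19:33:04.434834 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (0|1232) 53 > 60034: 10024*- 0/4/1 (1224)
19:33:04.434846 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (1232|66)
"""

FRAG_RE = re.compile(r"frag \((\d+)\|(\d+)\)")

def parse_fragments(text):
    """Return sorted (offset, length) pairs from tcpdump IPv6 fragment lines."""
    pairs = [(int(m.group(1)), int(m.group(2))) for m in FRAG_RE.finditer(text)]
    return sorted(pairs)

def analyse(text, dns_msg_size, requested_bufsize):
    """Rebuild the datagram size from its fragments and compare the numbers."""
    frags = parse_fragments(text)
    expected_offset = 0
    for offset, length in frags:
        if offset != expected_offset:      # a gap means a fragment is missing
            raise ValueError(f"missing data before offset {offset}")
        expected_offset += length
    udp_datagram = expected_offset         # UDP header + DNS message
    dns_payload = udp_datagram - UDP_HDR
    wire_sizes = [IPV6_HDR + FRAG_HDR + length for _, length in frags]
    return {
        "dns_payload": dns_payload,
        "matches_dig": dns_payload == dns_msg_size,
        "fits_requested_bufsize": dns_payload <= requested_bufsize,
        "wire_sizes": wire_sizes,
        "unfragmented_wire_size": IPV6_HDR + udp_datagram,
        "first_fragment_at_min_mtu": wire_sizes[0] == IPV6_MIN_MTU,
    }

if __name__ == "__main__":
    # 1290 = "MSG SIZE rcvd" from dig, 1452 = +bufsize used in the query
    for key, value in analyse(CAPTURE, 1290, 1452).items():
        print(f"{key}: {value}")
```

For this capture the first fragment is 1280 bytes on the wire, which is the IPv6 minimum MTU, while the same response sent unfragmented would have been a 1338-byte packet.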