[dns-operations] UDP fragmentation while not needed/wanted DS www.veilingzaalmelase.be

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Mar 24 19:12:54 UTC 2021


On Wed, Mar 24, 2021 at 07:51:53PM +0100, Thor Spruyt wrote:

> DNS server @2a02:348:a1:bd32::1 seems to behave strangly.

[ Looks normal to me... ]

> $ dig -t DS www.veilingzaalmelase.be @2a02:348:a1:bd32::1 +edns=0 +bufsize=1452 +norecurse +dnssec
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> [...]
> ;; SERVER: 2a02:348:a1:bd32::1#53(2a02:348:a1:bd32::1)
> ;; MSG SIZE  rcvd: 1290
> 
> Packets:
> 
> $ sudo tcpdump -nn -p host 2a02:348:a1:bd32::1
> 19:33:04.426128 IP6 2a02:1111:1111::1.60034 > 2a02:348:a1:bd32::1.53: 10024 [1au] DS? www.veilingzaalmelase.be. (53)
> 19:33:04.434834 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (0|1232) 53 > 60034: 10024*- 0/4/1 (1224)
> 19:33:04.434846 IP6 2a02:348:a1:bd32::1 > 2a02:1111:1111::1: frag (1232|66)
> 
> So the server responds with 2 fragments, while there should be no reason for this.
> It advertises a buffer size of 4096 in the response, so the response fits in 1 udp packet.
> Is my conclusion correct ?

No.  The server *did* respond with 1 UDP packet, which got fragmented at
the *IP* layer, into two IPv6 packets, presumably because the IPv6 MTU
was set to somewhere around 1280.

> It is also strange that the first fragment has a size of 1232 ...

Well, that shows 1232 bytes of IP payload, including the 8 byte UDP
header.  Thus a total of 1298 bytes.  It would perhaps be interesting to
know how an actual 1232 byte UDP response would be handled from the same
server.  Would it still be fragmented, or would it generate a single,
slightly larger first packet.

-- 
    VIktor.


More information about the dns-operations mailing list