[conspire] DNS? UDP limited to 512 bytes, or ??? ... got EDNS? ...
Rick Moen
rick at linuxmafia.com
Mon Mar 7 08:02:04 PST 2016
Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
> Yes, the above still *mostly* holds and it *is* still required for
> properly functioning DNS. There are, however, a few things that change
> that a bit ... or more properly and precisely - *extend* it.
>
> UDP limited to only a maximum of 512 bytes in a packet? DNS can't do
> more than that 512 byte limit in a UDP packet? That's not necessarily
> always the case ... but it depends upon the particular client and
> server involved - and also the transport between them. So one can't
> generally expect or rely upon any and all clients and/or servers
> supporting such extensions. Huh? Yes.
> EDNS https://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS
So, to be completely accurate, what I should have said to Mark, Edie,
and Joe was 'Specifically, if the [...] answer size exceeds 512 bytes,
TCP _will often_ [instead of 'must'] be used.' Conclusion is
nonetheless on the mark that 'It is absolutely necessary that DNS
nameservers be able and willing to respond using TCP-type answers.'
(Or, as you phrase it, still required for properly functioning DNS.)
I think we've both seen the sort of severe flakiness that occurs when
someone mistakenly firewalls off 53/TCP on a DNS nameserver. It looks a
lot like what is observed with x7hosting.
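As an added illustration of the mechanism the thread is discussing (this is example code, not something from either poster): a client either accepts the classic 512-byte UDP ceiling or advertises a larger size in the CLASS field of an EDNS(0) OPT pseudo-record; a server whose answer does not fit that size sets the TC (truncated) bit, and the client is then expected to retry over 53/TCP, where each message is framed with a 16-bit length prefix. If 53/TCP is firewalled, that retry is exactly what fails, which is the flakiness described above. All messages below are constructed in-line; the query name and transaction id are arbitrary sample values.

```python
import struct

# Classic DNS-over-UDP payload ceiling (RFC 1035). EDNS(0) (RFC 6891) lets a
# client advertise a larger size in the CLASS field of an OPT pseudo-record.
CLASSIC_UDP_MAX = 512
OPT_TYPE = 41

FLAG_QR = 0x8000   # response
FLAG_TC = 0x0200   # truncated: answer did not fit, retry over TCP
FLAG_RD = 0x0100   # recursion desired


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name at off, honouring compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # two-byte compression pointer ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def build_query(name, qtype=1, txn_id=0x1234, edns_udp_size=None):
    """Build a recursion-desired query; append an EDNS(0) OPT record if a size is given."""
    arcount = 1 if edns_udp_size else 0
    msg = struct.pack("!HHHHHH", txn_id, FLAG_RD, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    if edns_udp_size:
        # OPT RR: root owner name, TYPE 41, CLASS = advertised UDP payload size,
        # TTL = extended RCODE/version/flags (all zero here), RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return msg


def parse_header(msg):
    """Decode the fixed 12-byte header into its fields and the flags we care about."""
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txn_id, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def advertised_udp_size(msg):
    """Walk all sections; return the OPT CLASS field if present, else the classic 512."""
    h = parse_header(msg)
    off = 12
    for _ in range(h["qdcount"]):
        off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return CLASSIC_UDP_MAX


def fits_in_udp(response_len, client_udp_size):
    """Server-side decision: send over UDP as-is, or set TC and let the client retry over TCP."""
    return response_len <= client_udp_size


def build_truncated_response(query):
    """Minimal response that echoes the question with QR and TC set and no answers."""
    h = parse_header(query)
    qend = 12
    for _ in range(h["qdcount"]):
        qend = skip_name(query, qend) + 4
    header = struct.pack("!HHHHHH", h["id"], FLAG_QR | FLAG_RD | FLAG_TC, h["qdcount"], 0, 0, 0)
    return header + query[12:qend]


def needs_tcp_retry(response):
    """Client-side check: a TC response must be re-asked over 53/TCP."""
    return parse_header(response)["tc"]


def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 16-bit big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(buf):
    (n,) = struct.unpack("!H", buf[:2])
    return buf[2:2 + n]


if __name__ == "__main__":
    q = build_query("example.com.")                     # no EDNS: server may use 512 bytes
    print("advertised:", advertised_udp_size(q))       # 512
    print("600-byte answer fits:", fits_in_udp(600, advertised_udp_size(q)))
    r = build_truncated_response(q)
    print("retry over TCP:", needs_tcp_retry(r))       # True
    q2 = build_query("example.com.", edns_udp_size=4096)
    print("advertised with EDNS:", advertised_udp_size(q2))
```

The two decision points worth remembering when diagnosing a resolver that "sometimes works": `fits_in_udp` is where a server chooses to truncate, and `needs_tcp_retry` is where a client commits to 53/TCP. A client that never advertises an EDNS size hits the first branch on any answer over 512 bytes (large DNSSEC or TXT responses, long NS sets), so blocking TCP turns every one of those lookups into a retry that can never succeed.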