[Pdns-users] [Help] Increase DNS UDP Message Size

Đức Vinh Hồ vinh.ho2110 at gmail.com
Tue Nov 13 07:10:43 UTC 2012


Dear Ken & Stefan,
Thanks for your replies. I'm using PDNS 3.0.1, can you show me how to
upgrade to the latest version?
By the way, can you give me more documentation about EDNS0, and migration with
PDNS?
Thank you so much!

2012/11/13 <ktm at rice.edu>

> On Mon, Nov 12, 2012 at 06:05:28PM +0100, Stefan Schmidt wrote:
> > On Mon, Nov 12, 2012 at 10:48 AM, Đức Vinh Hồ <vinh.ho2110 at gmail.com>
> wrote:
> >
> > > Hi all,
> > >
> >
> > Hi there,
> >
> >
> > > My website is using PDNS round robin with too many servers pointed to 1
> > > domain name. I mean:
> > >
> > >      Name                                  Type                 Content
> > >     abc.com                                A                   X.X.X.1
> > >     abc.com                                A                   X.X.X.2
> > > .....
> > >     abc.com                                A                   X.X.X.50
> > > .....
> > >
> > > A couple of days ago, my boss complained to me that sometimes he can't access the
> > > website at night.
> > > After much research, I found that a DNS message carried in UDP *cannot* exceed 512 bytes.
> > > When a UDP DNS message exceeds 512 octets/bytes, the *TRUNCATED* bit is
> > > included in the response, indicating to the client/resolver that not all of
> > > the answers were returned, and they should re-query using a TCP DNS
> > > message. I think my DNS round robin records are too large. And that is the
> > > main cause of my problem.
> > >
> > > So, can you show me how to increase the PDNS UDP message size, or some
> > > solution to make sure PDNS is OK?
> > >
> > >
> >
> > It is correct that regular UDP DNS responses cannot exceed 512 bytes,
> > however nowadays most clients (that is usually recursive DNS servers such
> > as Google DNS for example) make use of a DNS extension header format called
> > EDNS or EDNS0. See http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS.
> > Depending on which version of PowerDNS you use, it has already supported
> > EDNS0 for a long time as it is needed for DNSSEC operations. And it is also
> > very likely that most recursive DNS servers speak EDNS0 as well. This
> > probably mitigates your issue, but due to this being a protocol limitation
> > there is no workaround for it other than limiting the number of IP
> > addresses in your round-robin record or making sure all recursive DNS
> > servers your clients use are EDNS0 capable. Also some firewalls such as
> > Cisco ASA in earlier default configurations are known to drop DNS responses
> > that are larger than the 512 byte limit.
> >
>
> Hi,
>
> To add to Stefan's response, since you have no control over how broken
> the DNS infrastructure is that is talking to your system, you need to
> address the lowest common denominator and restrict your round-robin
> DNS record to 512-bytes just like the big boys: Google, Yahoo,...
>
> Cheers,
> Ken
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
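Added worked example (not from the thread and not PowerDNS code): the 512-byte arithmetic Stefan and Ken are talking about, done on the wire. It builds an A query for abc.com with and without an EDNS0 OPT record, answers it with a 50-address round-robin set the way an authoritative server would (owner names compressed to a pointer at the question), and shows that without EDNS0 only 30 A records fit before the TC bit has to be set, whereas a resolver advertising a 4096-byte buffer gets all 50 in one UDP packet. The address pool (192.0.2.x), the transaction id and the 1232-byte buffer the server echoes in its own OPT record are constructed values for the example; the decision to keep the RRs that fit when truncating is this example's choice, servers differ on that.

```python
"""Wire-size arithmetic for a round-robin A response, and what EDNS0 changes.

Added example, not PowerDNS code. The qname, address pool, transaction id and
the server's 1232-byte receive buffer are constructed values for illustration.
"""
import ipaddress
import struct
from typing import List, Optional, Tuple

DNS_HDR = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount
QR, RD, RA, TC = 0x8000, 0x0100, 0x0080, 0x0200
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
DEFAULT_UDP_MAX = 512   # RFC 1035 ceiling when the client sends no OPT record
A_RR_LEN = 2 + 10 + 4   # name pointer + type/class/ttl/rdlen + IPv4 address
OPT_RR_LEN = 1 + 10     # root name + type/udp-size/ext-flags/rdlen, no options
SERVER_UDP_SIZE = 1232  # assumed receive buffer this server advertises back


def encode_name(name: str) -> bytes:
    """Dotted name -> wire-format labels terminated by the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def opt_rr(udp_size: int) -> bytes:
    """EDNS0 OPT pseudo-RR: the CLASS field carries the sender's UDP payload size."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)


def build_query(qname: str, txid: int = 0x1234, edns_udp_size: Optional[int] = None) -> bytes:
    """A query for qname; with edns_udp_size the client advertises a larger buffer."""
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    msg = DNS_HDR.pack(txid, RD, 1, 0, 0, 1 if edns_udp_size else 0) + question
    return msg + (opt_rr(edns_udp_size) if edns_udp_size else b"")


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a wire-format name, whether labels or a compression pointer."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # two-byte compression pointer ends the name
            return off + 2
        off += 1 + n


def client_udp_size(msg: bytes) -> Optional[int]:
    """UDP payload size from the OPT record, or None if the message carries none."""
    _, _, qd, an, ns, ar = DNS_HDR.unpack_from(msg, 0)
    off = DNS_HDR.size
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip qtype/qclass
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == TYPE_OPT:
            return rclass                       # CLASS field == UDP payload size
        off += 10 + rdlen
    return None


def max_a_records(qname: str, udp_size: int = DEFAULT_UDP_MAX, edns: bool = False) -> int:
    """How many A RRs (owner name compressed) fit in one UDP reply of udp_size bytes."""
    fixed = DNS_HDR.size + len(encode_name(qname)) + 4 + (OPT_RR_LEN if edns else 0)
    return (udp_size - fixed) // A_RR_LEN


def build_response(query: bytes, addrs: List[str], ttl: int = 300) -> bytes:
    """Answer the query with one A RR per address, within the client's UDP limit.

    Owner names are a pointer to the question name (0xC00C). If the full set
    does not fit, TC is set so the resolver retries over TCP; this example keeps
    the RRs that fit (real servers differ on whether to send a partial set)."""
    txid, qflags, *_ = DNS_HDR.unpack_from(query, 0)
    q_end = _skip_name(query, DNS_HDR.size) + 4
    question = query[DNS_HDR.size:q_end]
    adv = client_udp_size(query)
    limit = adv if adv is not None else DEFAULT_UDP_MAX
    tail = opt_rr(SERVER_UDP_SIZE) if adv is not None else b""  # echo OPT only if the client sent one
    room = limit - DNS_HDR.size - len(question) - len(tail)
    fit = min(len(addrs), max(room, 0) // A_RR_LEN)
    flags = QR | (qflags & RD) | RA | (TC if fit < len(addrs) else 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
        + ipaddress.IPv4Address(a).packed
        for a in addrs[:fit])
    hdr = DNS_HDR.pack(txid, flags, 1, fit, 0, 1 if tail else 0)
    return hdr + question + answers + tail


def summarize(resp: bytes) -> Tuple[int, bool, int]:
    """(wire size, TC set?, answer count) for a response."""
    _, flags, _, an, _, _ = DNS_HDR.unpack_from(resp, 0)
    return len(resp), bool(flags & TC), an


if __name__ == "__main__":
    pool = [f"192.0.2.{i}" for i in range(1, 51)]   # 50 round-robin targets (constructed)
    legacy = build_response(build_query("abc.com"), pool)
    modern = build_response(build_query("abc.com", edns_udp_size=4096), pool)
    print("no EDNS0  :", summarize(legacy), "- only", max_a_records("abc.com"), "A RRs fit in 512")
    print("EDNS0 4096:", summarize(modern))
```

The numbers line up with the advice in the thread: abc.com costs 25 bytes of header plus question, each compressed A RR costs 16, so 30 records is the most a 512-byte reply can carry, and a middlebox that still enforces 512 (the ASA default Stefan mentions) will drop the 836-byte EDNS0 reply even when the resolver asked for it. That is why the practical answer is to trim the round-robin set, not to raise a server-side limit.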