Dear Ken & Stefan,<br>Thanks for your replies. I'm using PDNS 3.0.1; can you show me how to upgrade to the latest version?<br>By the way, can you give me more documentation about EDNS0 and migration with PDNS?<br>Thank you so much!<br>
<br><div class="gmail_quote">2012/11/13 <span dir="ltr"><<a href="mailto:ktm@rice.edu" target="_blank">ktm@rice.edu</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Mon, Nov 12, 2012 at 06:05:28PM +0100, Stefan Schmidt wrote:<br>
</div><div class="im">> On Mon, Nov 12, 2012 at 10:48 AM, Đức Vinh Hồ <<a href="mailto:vinh.ho2110@gmail.com">vinh.ho2110@gmail.com</a>> wrote:<br>
><br>
> > Hi all,<br>
> ><br>
><br>
> Hi there,<br>
><br>
><br>
> > My website is using PDNS round robin with too many servers pointed to 1<br>
> > domain name. I mean:<br>
> ><br>
> > Name Type Content<br>
> > <a href="http://abc.com" target="_blank">abc.com</a> A X.X.X.1<br>
> > <a href="http://abc.com" target="_blank">abc.com</a> A X.X.X.2<br>
> > .....<br>
> > <a href="http://abc.com" target="_blank">abc.com</a> A X.X.X.50<br>
> > .....<br>
> ><br>
> > A couple of days ago, my boss complained to me that sometimes he can't access the<br>
> > website at night.<br>
</div>> > After much research, I found that a DNS message carried in UDP *cannot* exceed 512 bytes.<br>
> > When a UDP DNS message exceeds 512 octets/bytes, the *TRUNCATED* bit is<br>
<div class="im">> > included in the response, indicating to the client/resolver that not all of<br>
> > the answers were returned, and they should re-query using a TCP DNS<br>
> > message. I think my DNS round-robin records are too large. And that is the<br>
> > main cause of my problem<br>
> ><br>
> > So, can you show me how to increase the PDNS UDP message size, or some<br>
> > solution to make sure PDNS is ok<br>
> ><br>
><br>
> It is correct that regular UDP DNS responses cannot exceed 512 bytes,<br>
> however nowadays most clients (that is usually recursive dns servers such<br>
> as google dns for example) make use of a DNS extension header format called<br>
> EDNS or EDNS0. See <a href="http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS" target="_blank">http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS</a>.<br>
> Depending on which version of PowerDNS you use, it has already supported<br>
> EDNS0 for a long time as it is needed for DNSSEC operations. And it is also<br>
> very likely that most recursive DNS servers speak EDNS0 as well. This<br>
> probably mitigates your issue but due to this being a protocol limitation<br>
> there is no workaround for it other than limiting the number of IP<br>
> addresses in your round-robin-record or making sure all recursive DNS<br>
> servers your clients use are EDNS0 capable. Also some firewalls such as<br>
> Cisco ASA in earlier default configurations are known to drop DNS responses<br>
> that are larger than the 512 byte limit.<br>
><br>
<br>
</div><div class="im">Hi,<br>
<br>
To add to Stefan's response, since you have no control over how broken<br>
the DNS infrastructure is that is talking to your system, you need to<br>
address the lowest common denominator and restrict your round-robin<br>
DNS record to 512 bytes just like the big boys: Google, Yahoo,...<br>
<br>
Cheers,<br>
Ken<br>
</div>_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote></div><br>
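Worked example (added here; not code from the thread or from PowerDNS): a small Python model of the size problem Stefan and Ken describe. It encodes a minimal "abc.com IN A" response with N round-robin A records the way a UDP responder would, drops the records that do not fit in the advertised payload size and sets the TC bit, so you can see where the 512-byte limit bites and how an EDNS0 buffer of 4096 bytes changes the outcome. Assumptions: the answer owner names use compression pointers to the question name, authority/additional sections are omitted (a real response is no smaller), and 192.0.2.1-50 stand in for the X.X.X.1-50 addresses of the original post.

```python
import struct
import ipaddress

# Constructed stand-in for the X.X.X.1 .. X.X.X.50 addresses in the thread (TEST-NET-1 range).
SAMPLE_ADDRESSES = [f"192.0.2.{i}" for i in range(1, 51)]

def encode_name(name):
    """Encode a domain name as DNS wire-format labels, e.g. abc.com -> \\x03abc\\x03com\\x00."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def a_record(ttl, address):
    """One A RR; the owner name is a compression pointer (0xC00C) to the question name."""
    rdata = ipaddress.IPv4Address(address).packed
    # pointer(2) + type(2) + class(2) + ttl(4) + rdlength(2) + rdata(4) = 16 bytes
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata

def build_response(qname, addresses, payload_size=512, ttl=3600):
    """Build a minimal 'qname IN A' answer for a round-robin set, as a UDP responder would:
    include only the RRs that fit in payload_size and set TC if any had to be dropped.
    Assumption: authority/additional sections are omitted, so real answers are no smaller."""
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answers, size = [], 12 + len(question)                     # 12-byte header + question
    for addr in addresses:
        rr = a_record(ttl, addr)
        if size + len(rr) > payload_size:
            break
        answers.append(rr)
        size += len(rr)
    truncated = len(answers) < len(addresses)
    flags = 0x8180 | (0x0200 if truncated else 0)  # QR, RD, RA, plus TC when truncated
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers), truncated

def max_a_records(qname, payload_size=512):
    """Largest round-robin A set for qname that fits in payload_size without truncation."""
    return (payload_size - 12 - len(encode_name(qname)) - 4) // 16

if __name__ == "__main__":
    for size in (512, 4096):  # classic UDP limit vs. a typical EDNS0 buffer size
        msg, tc = build_response("abc.com", SAMPLE_ADDRESSES, payload_size=size)
        ancount = struct.unpack("!H", msg[6:8])[0]
        print(f"payload {size}: {len(msg)} bytes, ANCOUNT={ancount}, TC={tc}")
    print("max A records for abc.com in plain 512-byte UDP:", max_a_records("abc.com"))
```

With 50 addresses the plain-UDP answer is cut to 30 records with TC set, while the 4096-byte EDNS0 answer carries all 50 in 825 bytes, which is exactly the "most resolvers speak EDNS0, but a few do not" situation the thread describes.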