EDNS - edns-udp-size and max-udp-size

[Jan Arild Lindstrøm]

Hi,

I am currently in the process of upgrading fro 9.4.3 to 9.6.0-P1, and becau=
se of that
I now can see EDNS logging.

Running "resperf", I see a lot of:

--cut--
24-Feb-2009 08:25:09.082 edns-disabled: success resolving 'sigev.com/A' (in=
'sigev.com'?) after reducing the advertised EDNS UDP packet size to 512 oc=
tets
24-Feb-2009 08:25:10.532 edns-disabled: success resolving 'vesselsystemsinc=
.com/A' (in 'vesselsystemsinc.com'?) after reducing the advertised EDNS UDP=
packet size to 512 octets
24-Feb-2009 08:25:12.048 edns-disabled: success resolving 'sub.zhonghai.net=
/A' (in 'zhonghai.net'?) after reducing the advertised EDNS UDP packet size=
to 512 octets
24-Feb-2009 08:25:14.394 edns-disabled: success resolving 'abacus-sec.com/M=
X' (in 'abacus-sec.com'?) after reducing the advertised EDNS UDP packet siz=
e to 512 octets
24-Feb-2009 08:25:16.679 edns-disabled: success resolving 'belhasa.ae/A' (i=
n 'belhasa.ae'?) after reducing the advertised EDNS UDP packet size to 512 =
octets
24-Feb-2009 08:25:17.132 edns-disabled: success resolving 'ns.ngasu.nsk.su/=
A' (in 'ngasu.nsk.su'?) after reducing the advertised EDNS UDP packet size =
to 512 octets
24-Feb-2009 08:25:17.303 edns-disabled: success resolving 'phobus.gravatane=
t.com.br/A' (in 'gravatanet.com.BR'?) after reducing the advertised EDNS UD=
P packet size to 512 octets
24-Feb-2009 08:25:18.198 edns-disabled: success resolving 'ns1.dnsy.net/A' =
(in 'dnsy.net'?) after reducing the advertised EDNS UDP packet size to 512 =
octets
24-Feb-2009 08:25:19.179 edns-disabled: success resolving 'ns.dara.seameo.o=
rg/A' (in 'seameo.org'?) after reducing the advertised EDNS UDP packet size=
to 512 octets
24-Feb-2009 08:25:21.005 edns-disabled: success resolving 'NS2.RUC.EDU.CN/A=
' (in 'RUC.edu.cn'?) after disabling EDNS
24-Feb-2009 08:25:21.112 edns-disabled: success resolving '196.166.44.196.i=
n-addr.arpa/PTR' (in '166.44.196.in-addr.arpa'?) after disabling EDNS
24-Feb-2009 08:25:21.433 edns-disabled: success resolving 'cybersec.cs.uwp.=
edu/A' (in 'cybersec.cs.uwp.EDU'?) after reducing the advertised EDNS UDP p=
acket size to 512 octets
24-Feb-2009 08:25:21.721 edns-disabled: success resolving 'XJU1.XJU.EDU.CN/=
A' (in 'XJU.edu.cn'?) after reducing the advertised EDNS UDP packet size to=
512 octets
--cut--

As expected I'd guess.

But, when I add the following to named.conf options:

max-udp-size 512;

... and restart BIND,

I still see just as many "reducing the advertised EDNS UDP packet size to 5=
12 octets":

--cut--
24-Feb-2009 08:52:56.184 edns-disabled: success resolving '234.1.176.59.in-=
addr.arpa/PTR' (in '176.59.in-addr.arpa'?) after reducing the advertised ED=
NS UDP packet size to 512 octets
24-Feb-2009 08:52:59.355 edns-disabled: success resolving 'bob-swanson.com/=
A' (in 'bob-swanson.com'?) after disabling EDNS
24-Feb-2009 08:53:00.737 edns-disabled: success resolving 'dns.guangzhou.gd=
.cn/A' (in 'guangzhou.gd.cn'?) after reducing the advertised EDNS UDP packe=
t size to 512 octets
24-Feb-2009 08:53:01.451 edns-disabled: success resolving 'dns.udsm.ac.tz/A=
' (in 'ac.tz'?) after reducing the advertised EDNS UDP packet size to 512 o=
ctets
24-Feb-2009 08:53:01.465 edns-disabled: success resolving '109.13.202.81.in=
-addr.arpa/PTR' (in '13.202.81.in-addr.arpa'?) after reducing the advertise=
d EDNS UDP packet size to 512 octets
24-Feb-2009 08:53:01.522 edns-disabled: success resolving 'morfheu.gravatan=
et.com.br/A' (in 'gravatanet.com.BR'?) after reducing the advertised EDNS U=
DP packet size to 512 octets
24-Feb-2009 08:53:03.655 edns-disabled: success resolving 'ns1.dnsy.net/A' =
(in 'dnsy.NET'?) after reducing the advertised EDNS UDP packet size to 512 =
octets
24-Feb-2009 08:53:03.689 edns-disabled: success resolving 'earth.ymhs.tyc.e=
du.tw/A' (in 'ymhs.tyc.edu.tw'?) after reducing the advertised EDNS UDP pac=
ket size to 512 octets
24-Feb-2009 08:53:03.944 edns-disabled: success resolving '235.252.151.61.i=
n-addr.arpa/PTR' (in '235.252.151.61.in-addr.arpa'?) after reducing the adv=
ertised EDNS UDP packet size to 512 octets
24-Feb-2009 08:53:04.275 edns-disabled: success resolving '8.52.27.163.in-a=
ddr.arpa/PTR' (in '52.27.163.in-addr.arpa'?) after disabling EDNS
24-Feb-2009 08:53:04.551 edns-disabled: success resolving '102.19.202.81.in=
-addr.arpa/PTR' (in '19.202.81.in-addr.arpa'?) after reducing the advertise=
d EDNS UDP packet size to 512 octets
24-Feb-2009 08:53:04.625 edns-disabled: success resolving '4.237.142.195.in=
-addr.arpa/PTR' (in '237.142.195.in-addr.arpa'?) after reducing the adverti=
sed EDNS UDP packet size to 512 octets
24-Feb-2009 08:53:06.025 edns-disabled: success resolving '189.209.165.70.i=
n-addr.arpa/PTR' (in '209.165.70.in-addr.arpa'?) after reducing the adverti=
sed EDNS UDP packet size to 512 octets
24-Feb-2009 08:53:06.711 edns-disabled: success resolving '201.30.185.199.i=
n-addr.arpa/PTR' (in '30.185.199.in-addr.arpa'?) after reducing the adverti=
sed EDNS UDP packet size to 512 octets
--cut--

In case it is i local problem (since "reducing the advertised"), I also add=
ed the following
to see if that would change anything:

edns-udp-size 512;

... and restarted BIND.

But still:

--cut--
24-Feb-2009 08:56:11.843 edns-disabled: success resolving 'rous.redbarn.org=
/A' (in 'redbarn.org'?) after reducing the advertised EDNS UDP packet size =
to 512 octets
24-Feb-2009 08:56:11.979 edns-disabled: success resolving '41.188.152.204.i=
n-addr.arpa/PTR' (in '188.152.204.in-addr.arpa'?) after reducing the advert=
ised EDNS UDP packet size to 512 octets
24-Feb-2009 08:56:13.863 edns-disabled: success resolving 'terra.com.br/MX'=
(in 'terra.com.br'?) after reducing the advertised EDNS UDP packet size to=
512 octets
24-Feb-2009 08:56:14.049 edns-disabled: success resolving 'medidata.com.br/=
AAAA' (in 'medidata.com.br'?) after reducing the advertised EDNS UDP packet=
size to 512 octets
24-Feb-2009 08:56:14.119 edns-disabled: success resolving 'NS2.DNS.BR/A' (i=
n 'br'?) after reducing the advertised EDNS UDP packet size to 512 octets
24-Feb-2009 08:56:14.351 edns-disabled: success resolving 'usern13.medidata=
.com.br/A' (in 'medidata.com.br'?) after reducing the advertised EDNS UDP p=
acket size to 512 octets
24-Feb-2009 08:56:14.364 edns-disabled: success resolving 'medidata.com.br/=
A' (in 'medidata.com.br'?) after reducing the advertised EDNS UDP packet si=
ze to 512 octets
24-Feb-2009 08:56:14.395 edns-disabled: success resolving 'medidata.com.br/=
MX' (in 'medidata.com.br'?) after reducing the advertised EDNS UDP packet s=
ize to 512 octets
24-Feb-2009 08:56:14.450 edns-disabled: success resolving 'mx.terra.com.br/=
A' (in 'terra.com.br'?) after reducing the advertised EDNS UDP packet size =
to 512 octets
24-Feb-2009 08:56:17.015 edns-disabled: success resolving '20178203100.user=
.veloxzone.com.br/A' (in 'veloxzone.com.br'?) after reducing the advertised=
EDNS UDP packet size to 512 octets
24-Feb-2009 08:56:17.175 edns-disabled: success resolving '25.52.162.62.in-=
addr.arpa/PTR' (in '62.in-addr.arpa'?) after reducing the advertised EDNS U=
DP packet size to 512 octets
24-Feb-2009 08:56:17.577 edns-disabled: success resolving '77.20.103.85.in-=
addr.arpa/PTR' (in '85.in-addr.arpa'?) after reducing the advertised EDNS U=
DP packet size to 512 octets
24-Feb-2009 08:56:20.534 edns-disabled: success resolving '51.62.155.88.in-=
addr.arpa/PTR' (in '88.in-addr.arpa'?) after reducing the advertised EDNS U=
DP packet size to 512 octets
24-Feb-2009 08:56:21.016 edns-disabled: success resolving '84.7.198.81.in-a=
ddr.arpa/PTR' (in '81.in-addr.arpa'?) after reducing the advertised EDNS UD=
P packet size to 512 octets
24-Feb-2009 08:56:21.905 edns-disabled: success resolving '125.91.110.212.i=
n-addr.arpa/PTR' (in '212.in-addr.arpa'?) after reducing the advertised EDN=
S UDP packet size to 512 octets
24-Feb-2009 08:56:22.488 edns-disabled: success resolving 'ns7.virtua.com.b=
r/A' (in 'virtua.com.br'?) after reducing the advertised EDNS UDP packet si=
ze to 512 octets
24-Feb-2009 08:56:22.490 edns-disabled: success resolving 'ns8.virtua.com.b=
r/A' (in 'virtua.com.br'?) after reducing the advertised EDNS UDP packet si=
ze to 512 octets
--cut--

How can it reduce it from 512 that is in the config, down to 512?

I was expecting to see only "after disabling EDNS" messages after setting t=
he size(s) to 512.

It seems to me that max-udp-size and/or edns-udp-size does not do what I wa=
nt, wich is =

to use 512 bytes packets.

OS: Solaris 10 (SunOS 5.10 138888-01)
BIND: 9.6.0-P1, threaded.

Regards
Jan Arild Lindstr=F8m

_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

[Mark Andrews]

In message <200902240828....@mail42.nsc.no>, Jan Arild =?iso-8859-1?
Q?Lindstr=F8m?= writes:

> How can it reduce it from 512 that is in the config, down to 512?

The code just looks at the number of timeouts not at what
size was sent in the initial query. triededns512() records
when the DNS_FETCHOPT_EDNS512 has been set not when the
initial query advertised a receive buffer of 512 bytes.

if ((triededns512(fctx, &query->addrinfo->sockaddr) ||
fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
(query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
query->options |= DNS_FETCHOPT_NOEDNS0;
fctx->reason = "disabling EDNS";
} else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
(query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
query->options |= DNS_FETCHOPT_EDNS512;
fctx->reason = "reducing the advertised EDNS UDP packet "
"size to 512 octets";

}

> I was expecting to see only "after disabling EDNS" messages after setting t=
> he size(s) to 512.
>
> It seems to me that max-udp-size and/or edns-udp-size does not do what I wa=

> nt, wich is to use 512 bytes packets.

max-udp-size controls the size of packets you send.
edns-udp-size controls the size of packets you receive.

A pack trace should show you that they are working as you
wont see UDP packets over 512 bytes in either direction is
you have that set.

What you need to find out is what is causing the packet
loss. Even with a clear EDNS path you will see some of
these logged as not all timeouts are due to EDNS issues.

Mark

> OS: Solaris 10 (SunOS 5.10 138888-01)
> BIND: 9.6.0-P1, threaded.
>
>
> Regards
> Jan Arild Lindstr=F8m
>
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org

[Evan Hunt]

> The code just looks at the number of timeouts not at what
> size was sent in the initial query. triededns512() records
> when the DNS_FETCHOPT_EDNS512 has been set not when the
> initial query advertised a receive buffer of 512 bytes.

But, if the initial query uses a receive buffer of 512 bytes or less,
can't we just set DNS_FETCHOPT_EDNS512 straight off and save a step?

eh

[Mark Andrews]

In message <20090225002...@isc.org>, Evan Hunt writes:
> > The code just looks at the number of timeouts not at what
> > size was sent in the initial query. triededns512() records
> > when the DNS_FETCHOPT_EDNS512 has been set not when the
> > initial query advertised a receive buffer of 512 bytes.
>
> But, if the initial query uses a receive buffer of 512 bytes or less,
> can't we just set DNS_FETCHOPT_EDNS512 straight off and save a step?
>
> eh

One could but, as was evident from the logs, it would cause
named to switch back to plain DNS more often when it didn't
need to.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org