
query about EDNS UDP Packet


Gaurav Kansal

Dec 31, 2012, 4:49:28 AM
to bind-...@lists.isc.org

Hello Team,

 

I am getting too many entries for reducing the EDNS Packet size to 512 bytes in my log file.

For Eg:

 

Dec 31 03:07:20 IPv6-DNS named[3769]: success resolving 'dns1.vps.net/A' (in 'vps.net'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:21 IPv6-DNS named[3769]: success resolving 'ad.metanetwork.com/A' (in 'metanetwork.com'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:25 IPv6-DNS named[3769]: success resolving 'geo.admetanetwork.com/A' (in 'admetanetwork.com'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:31 IPv6-DNS named[3769]: success resolving 'tomcat.apache.org/A' (in 'apache.org'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:31 IPv6-DNS named[3769]: success resolving 'www.apache.org/A' (in 'apache.org'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:31 IPv6-DNS named[3769]: success resolving 'issues.apache.org/A' (in 'apache.org'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving 'ns1.zurich.surf.net/A' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving 'ns2.surfnet.nl/AAAA' (in 'surfnet.nl'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving 'ns2.surfnet.nl/A' (in 'surfnet.nl'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving 'ns1.zurich.surf.net/AAAA' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving './NS' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:40 IPv6-DNS named[3769]: success resolving 'ns1.zurich.surf.net/A' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets

Dec 31 03:07:40 IPv6-DNS named[3769]: success resolving 'ns1.zurich.surf.net/AAAA' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets

 

On googling for this, I got to know that this comes when the remote DNS server doesn’t support EDNS0 (i.e., packet size up to 4096 bytes).

 

Now I want to know whether my DNS server supports EDNS0 for incoming requests or not.

I used the ‘OARC's DNS Reply Size Test Server’ for the same and I got the below-mentioned output:

 

#dig +short rs.dns-oarc.net txt

rst.x476.rs.dns-oarc.net.

rst.x450.x476.rs.dns-oarc.net.

rst.x490.x450.x476.rs.dns-oarc.net.

"Tested at 2012-12-31 09:40:11 UTC"

"164.100.1.206 sent EDNS buffer size 4096"

"164.100.1.206 DNS reply size limit is at least 490"

 

Does this mean that my server is not supporting EDNS0?

 

 

Thanks and Regards,

Gaurav Kansal

Mob – 9910118448

 

Happy New Year 2013.

IPv4 is Over,

Are you ready for new Network.

 

Sten Carlsen

Dec 31, 2012, 5:32:06 AM
to bind-...@lists.isc.org
It means that something in your path limits packet size. That could likely be a firewall or router with a "helpful" function to pass DNS packets on; only it thinks that a DNS packet can only be 512 bytes long.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:
       "MALE BOVINE MANURE!!!"

Gaurav Kansal

Dec 31, 2012, 5:54:38 AM
to Sten Carlsen, bind-...@lists.isc.org

I just want to test whether this limit is within my organization.

Is any method available by which I can check this?

 

Regards,

Gaurav Kansal

Phil Mayers

Dec 31, 2012, 9:07:34 AM
to bind-...@lists.isc.org
On 12/31/2012 10:54 AM, Gaurav Kansal wrote:
> I just want to test whether this limit is within my organization.
>
> Is any method available by which I can check this?
>


https://www.dns-oarc.net/oarc/services/replysizetest


Sten Carlsen

Dec 31, 2012, 10:47:56 AM
to bind-...@lists.isc.org
With the replies you have shown, the limitation is very likely within your own walls.

While it is possible that some router on the path between you and the test server limits the packet size, I would say it is very likely not the case, much less than 1% probability - according to my experience.

I would use a sniffer along the path between each switch/router/firewall/xx until you either don't see the longer edns0 packets or some other evidence (could be some ICMP message) shows you that this is the place.

I would also search for keywords like: DNS EDNS0 truncate.

Good hunting.

Gaurav Kansal

Jan 9, 2013, 12:34:35 AM
to Sten Carlsen, bind-...@lists.isc.org
Hi Team,

Thanks for help.
My Firewall was dropping packet size larger than 512 bytes.
Cisco 5580 having ASA 8.3. It is by default blocking my EDNS0 Packet.

Thanks and Regards,
Gaurav Kansal
--
Thanks n Regards,
GAURAV KANSAL
9910118448
Operation And Routing Unit
NIC , NEW DELHI

Happy New Year 2013.

Please don't print this e-mail until & unless you really need, it will save Trees on Planet Earth.

Mike Hoskins (michoski)

Jan 9, 2013, 3:02:36 PM
to bind-...@lists.isc.org
-----Original Message-----

From: Gaurav Kansal <gaurav...@nic.in>
Date: Wednesday, January 9, 2013 12:34 AM
To: Sten Carlsen <st...@s-carlsen.dk>, "bind-...@lists.isc.org"
<bind-...@lists.isc.org>
Subject: Re: query about EDNS UDP Packet

>Thanks for help.
>My Firewall was dropping packet size larger than 512 bytes.
>Cisco 5580 having ASA 8.3. It is by default blocking my EDNS0 Packet.

This should be a FAQ. :-)

For anyone else who happens to be reading the archives -- googling for
"cisco edns0" will lead to a lot of useful information...better than
duplicating it all here. Many older network devices (including Cisco) had
default policies which assumed a 512 byte limit.
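
Added example, not part of the original thread: a small Python script that reads the two pieces of evidence posted above, the named fallback messages and the reply size test TXT strings, and flags the 512-byte pattern the thread traced to a firewall. The sample input is copied from the first post; the function names, verdict labels and the min_zones threshold are assumptions made for this illustration.

```python
import re
from collections import Counter

# named logs this when a retry advertising 512 octets succeeds.
FALLBACK = re.compile(
    r"success resolving '[^/']+/\w+' \(in '(?P<zone>[^']+)'\?\) "
    r"after reducing the advertised EDNS UDP packet size to 512 octets")
SENT = re.compile(r"sent EDNS buffer size (\d+)")
LIMIT = re.compile(r"DNS reply size limit is at least (\d+)")

# Sample input copied from the first post in this thread.
SAMPLE_LOG = """\
Dec 31 03:07:20 IPv6-DNS named[3769]: success resolving 'dns1.vps.net/A' (in 'vps.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Dec 31 03:07:31 IPv6-DNS named[3769]: success resolving 'tomcat.apache.org/A' (in 'apache.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Dec 31 03:07:31 IPv6-DNS named[3769]: success resolving 'www.apache.org/A' (in 'apache.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving 'ns1.zurich.surf.net/A' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Dec 31 03:07:34 IPv6-DNS named[3769]: success resolving './NS' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
"""
SAMPLE_TXT = ['"164.100.1.206 sent EDNS buffer size 4096"',
              '"164.100.1.206 DNS reply size limit is at least 490"']

def fallback_zones(log_text):
    """Count EDNS fallback events per zone in named log output."""
    return Counter(m.group("zone") for m in FALLBACK.finditer(log_text))

def reply_size_gap(txt_records):
    """Return (advertised, measured) from the reply size test TXT strings."""
    text = "\n".join(txt_records)
    sent, limit = SENT.search(text), LIMIT.search(text)
    return (int(sent.group(1)), int(limit.group(1))) if sent and limit else None

def assess(log_text, txt_records, min_zones=3):
    """Heuristic verdict; min_zones is an assumed threshold, not a BIND setting."""
    zones = fallback_zones(log_text)
    gap = reply_size_gap(txt_records)
    # Fallbacks across unrelated zones, or for the root itself, are unlikely
    # to be explained by individual remote servers lacking EDNS0.
    widespread = len(zones) >= min_zones or "." in zones
    # The thread's pattern: resolver advertises more than 512, yet replies
    # above roughly 512 bytes never arrive.
    constrained = gap is not None and gap[1] <= 512 < gap[0]
    if widespread and constrained:
        return "suspect-local-path"
    return "suspect-remote-servers" if zones else "no-fallback-seen"

if __name__ == "__main__":
    print(fallback_zones(SAMPLE_LOG).most_common())
    print(reply_size_gap(SAMPLE_TXT), assess(SAMPLE_LOG, SAMPLE_TXT))
```

A "suspect-local-path" verdict only narrows the search; locating the device still takes the hop-by-hop capture suggested earlier in the thread.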
