Maintained by: NLnet Labs

[Unbound-users] EDNS fallback

Jakub Heichman
Fri Jun 26 13:40:48 CEST 2009


Hello,

I'm using unbound 1.3.0 and am unable to resolve the MX record for (for
example) bidmc.harvard.edu.
I'm guessing that somewhere on the other side there might be a problem
supporting DNS in UDP packets bigger than 512 bytes.

Asking the source:

# dig +bufsize=513 mx bidmc.harvard.edu @134.174.104.11

; <<>> DiG 9.2.4 <<>> +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached


# dig +bufsize=512 mx bidmc.harvard.edu @134.174.104.11

; <<>> DiG 9.2.4 <<>> +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30368
;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 10

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bidmc.harvard.edu.		IN	MX

;; ANSWER SECTION:
bidmc.harvard.edu.	3600	IN	MX	5 rattlesnake2.caregroup.org.
[strip]

However, from what I understood, in this case unbound would send a
probe query with a sub-second timeout to see if the server responds
without EDNS.
Does the timeout apply to response time from the target nameserver, or
the whole recursion time (which in my case takes more than a second)?

Direct from source:
# dig mx bidmc.harvard.edu @134.174.104.11 | grep time
;; Query time: 297 msec

Recursion time from local Bind instance (on port 5300):
# dig mx bidmc.harvard.edu @localhost -p5300 | grep time
;; Query time: 2241 msec

Recursion from unbound:
# dig mx bidmc.harvard.edu @localhost
[..]
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63565
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Thanks very much,

-- 
Jakub Heichman
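
Added example, not part of the original post and not Unbound's or dig's code: the two dig queries above differ only in the UDP payload size advertised in the EDNS0 OPT record, and this sketch builds the wire format to show where that value sits and what a query without EDNS looks like. The query ID and the helper names are assumptions; the parser handles only the uncompressed names these queries contain.

```python
import struct

OPT = 41  # EDNS0 OPT pseudo-RR type (RFC 6891)

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qtype, udp_size=None, qid=0x1234):
    """Build a query; with udp_size set, append an OPT RR as dig +bufsize does."""
    # Header: ID, flags (RD only), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0 if udp_size is None else 1)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if udp_size is not None:
        # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries ext-rcode/version/flags (zero here), RDLENGTH=0.
        msg += b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return msg

def skip_name(msg, pos):
    """Return the offset just past an uncompressed name starting at pos."""
    while msg[pos] != 0:
        pos += msg[pos] + 1
    return pos + 1

def advertised_size(msg):
    """Return the UDP payload size from the OPT RR, or None for plain DNS."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == OPT:
            return rclass
        pos += 10 + rdlen
    return None

def diff_offsets(a, b):
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

if __name__ == "__main__":
    name, MX = "bidmc.harvard.edu", 15
    q512, q513, plain = (build_query(name, MX, s) for s in (512, 513, None))
    print(advertised_size(q512), advertised_size(q513), advertised_size(plain))
    print(len(plain), len(q512), diff_offsets(q512, q513))
```

The 512 and 513 queries differ in a single byte of the OPT CLASS field, and the query without EDNS is simply the same message with the 11-byte OPT record and ARCOUNT removed.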