Maintained by: NLnet Labs

[Unbound-users] EDNS fallback

W.C.A. Wijngaards
Fri Jun 26 14:53:32 CEST 2009


Hi Jakub,

Here is a patch that solves your problem, I'll look into a more 
permanent fix.

The trouble is that unbound assumed, that once an EDNS answer is 
received, then, the path actually works for bufsize=4k answers.  The 
patch makes it reprobe once an answer starts to lag.

Thanks for the bugreport!

(With that patch, unbound-host bidmc.harvard.edu produces the MX records 
after 10 seconds.)

Best regards,
    Wouter


Index: services/outside_network.c
===================================================================
--- services/outside_network.c	(revision 1683)
+++ services/outside_network.c	(working copy)
@@ -1234,7 +1234,7 @@
  		&edns_lame_known, &rtt))
  		return 0;
  	if(sq->status == serviced_initial) {
-		if(edns_lame_known == 0 && rtt > 5000) {
+		if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
  			/* perform EDNS lame probe - check if server is
  			 * EDNS lame (EDNS queries to it are dropped) */
  			verbose(VERB_ALGO, "serviced query: send probe to see "
@@ -1516,10 +1516,12 @@
  	} else if(sq->status == serviced_query_UDP_EDNS &&
  		!sq->edns_lame_known) {
  		/* now we know that edns queries received answers store that */
+		/*
  		if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
  			0, (uint32_t)now.tv_sec)) {
  			log_err("Out of memory caching edns works");
  		}
+		*/
  		sq->edns_lame_known = 1;
  	}
  	if(now.tv_sec > sq->last_sent_time.tv_sec ||


On 06/26/2009 01:40 PM, Jakub Heichman wrote:
> Hello,
>
> I'm using unbound 1.3.0 and am unable to resolve MX record for (for
> example) bidmc.harvard.edu.
> I'm guessing that somewhere on the other side there might be a problem
> supporting DNS in UDP packets bigger that 512 bytes
>
> Asking the source:
>
> # dig +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
>
> ;<<>>  DiG 9.2.4<<>>  +bufsize=513 mx bidmc.harvard.edu @134.174.104.11
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
>
> # dig +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
>
> ;<<>>  DiG 9.2.4<<>>  +bufsize=512 mx bidmc.harvard.edu @134.174.104.11
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30368
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 10
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;bidmc.harvard.edu.		IN	MX
>
> ;; ANSWER SECTION:
> bidmc.harvard.edu.	3600	IN	MX	5 rattlesnake2.caregroup.org.
> [strip]
>
> However, from what I understood, in this case unbound would send a
> probe query with a sub-second timeout to see if the server responds
> without EDNS.
> Does the timeout apply to response time from the target nameserver, or
> the whole recursion time (which in my case takes more that a second)?
>
> Direct from source:
> # dig mx bidmc.harvard.edu @134.174.104.11 | grep time
> ;; Query time: 297 msec
>
> Recursion time from local Bind instance (on port 5300)
> # dig mx bidmc.harvard.edu @localhost -p5300 | grep time
> ;; Query time: 2241 msec
>
> Recursion from unbound:
> # dig mx bidmc.harvard.edu @localhost
> [..]
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63565
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> Thanks very much,
>