[Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue

Geert Stappers stappers at stappers.nl
Wed Aug 14 21:02:08 BST 2019


On Wed, Aug 14, 2019 at 06:51:52PM +0100, Dominic Preston wrote:
> On Wed, 14 Aug 2019 at 18:43, Simon Kelley <simon at thekelleys.org.uk> wrote:
> > On 11/08/2019 21:01, Dominic Preston wrote:
> > > Hi,
> > >
> > > I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform.
> > >
> > > dig @127.0.0.1 pir.org
> > >
> > > After that there's a long pause, and the result comes back with the
> > > following line at the top of dig:
> > >
> > > ;; Truncated, retrying in TCP mode.
> > >
> > > dnsmasq log says:
> > >
> > > dnsmasq: reducing DNS packet size for nameserver 8.8.8.8 to 1280
> > >
> > > If I run this, dig comes back immediately with no pause and no TCP mode:
> > >
> > > dig @8.8.8.8 pir.org
> > >
> > > Any ideas why the first dig command has problems and the second dig
> > > command is fine?
> > >
> >
> > It's likely that the MTU for the path from 8.8.8.8 to you is limited,
> > and a reply for one of the queries needed to verify the query is
> > getting dropped. Hence dnsmasq reduces the packet size to the more
> > conservative 1280, and the query has to be done over TCP.
> >
> > It works fast the second time because the information you're asking for
> > is cached by dnsmasq.
> >
> > Cheers,
> >
> > Simon.
> >
> 
> Thanks Simon, that makes sense.
> 
> Is there a straightforward (non dnsmasq) network command I can run so
> I can demonstrate this MTU issue to the Google Cloud team?

 https://duckduckgo.com/?q=test+MTU+size  does hint `ping`

I don't know how well it goes in this situation.


The road that I would explore is how to mimic the dnsmasq request to
upstream DNS with `dig`.

My attempt with `dig @8.8.8.8 pir.org ANY` returns "MSG SIZE  rcvd: 2509",
but no sign of ";; Truncated, retrying in TCP mode."

Interesting problem.


> Regards,
> Dom.

Regards
Geert Stappers
-- 
Live and let live
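
Added example, not part of the original message and not dnsmasq code: a sketch of the "mimic the dnsmasq request" idea that sends the same DNSSEC-style UDP query twice, once advertising a large EDNS buffer and once advertising the 1280 bytes from the log line, without retrying over TCP. The DNSKEY query type and the 4096-byte large size are assumptions; 8.8.8.8, pir.org and 1280 come from the thread.

```python
import socket
import struct

DNSKEY = 48  # assumption: a DNSSEC validation query type whose replies tend to be large

def build_query(name, qtype=DNSKEY, bufsize=4096, qid=0x1234):
    """UDP DNS query with an EDNS0 OPT record: DO bit set, `bufsize` advertised."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!2H", qtype, 1)        # class IN
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL carries DO (0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000, 0)
    return header + question + opt

def parse_reply(pkt):
    """Return the header fields that matter here: TC flag, rcode, answer count, size."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    return {"id": qid, "truncated": bool(flags & 0x0200), "rcode": flags & 0xF,
            "answers": an, "size": len(pkt)}

def probe(server, name, bufsize, timeout=3.0):
    """One UDP query, no TCP retry. None means no reply arrived before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, bufsize=bufsize), (server, 53))
        try:
            return parse_reply(s.recvfrom(65535)[0])
        except socket.timeout:
            return None

def diagnose(big, small):
    """Compare the result at the large buffer size with the result at 1280."""
    if big is None and small is None:
        return "no UDP reply at either size: not a size-dependent problem"
    if big is None:
        return "large reply lost, small one arrives: consistent with a path MTU limit"
    if big["truncated"]:
        return "server truncated even the large reply: TCP is required regardless"
    return "large UDP reply arrived intact: no loss seen at this size"

if __name__ == "__main__":
    big, small = (probe("8.8.8.8", "pir.org", size) for size in (4096, 1280))
    print("bufsize 4096:", big)
    print("bufsize 1280:", small)
    print(diagnose(big, small))
```

A timeout at the large size together with a reply (usually with the TC flag set) at 1280 is the pattern that matches the dnsmasq log line; running it from a host on a different network gives a baseline to compare against.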


