[Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue

Simon Kelley simon at thekelleys.org.uk
Wed Aug 14 18:34:05 BST 2019


On 11/08/2019 21:01, Dominic Preston wrote:
> Hi,
> 
> I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform.
> I have compiled the latest version of dnsmasq with the following
> configuration:
> 
> no-resolv
> server=8.8.8.8
> conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
> dnssec
> 
> I stop systemd-resolved, run dnsmasq and issue the following command:
> 
> dig @127.0.0.1 pir.org
> 
> After that there's a long pause, and the result comes back with the
> following line at the top of dig:
> 
> ;; Truncated, retrying in TCP mode.
> 
> dnsmasq log says:
> 
> dnsmasq: reducing DNS packet size for nameserver 8.8.8.8 to 1280
> 
> If I run this, dig comes back immediately with no pause and no TCP mode:
> 
> dig @8.8.8.8 pir.org
> 
> Any ideas why the first dig command has problems and the second dig
> command is fine?
> 
> Thanks in advance.
> 


It's likely that the MTU for the path from 8.8.8.8 to you is limited,
and a reply for one of the queries needed to verify the query is
getting dropped. Hence dnsmasq reduces the packet size to the more
conservative 1280, and the query has to be done over TCP.

It works fast the second time because the information you're asking for
is cached by dnsmasq.

Cheers,

Simon.
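
Added example, not part of Simon's message and not dnsmasq's code: the two wire-level signals behind the log line and the dig notice above, namely the EDNS0 UDP payload size a resolver advertises in its query and the TC (truncated) header bit that makes a client retry over TCP. The DNSKEY query type, the transaction ID and the truncated reply are constructed sample values.

```python
import struct

TC_FLAG = 0x0200   # header flag: reply was truncated, retry over TCP
OPT_TYPE = 41      # EDNS0 OPT pseudo-record (RFC 6891)
DO_FLAG = 0x8000   # "DNSSEC OK" bit, carried in the OPT record's TTL field

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype, udp_size, txid=0x1234):
    """Build a query whose OPT record advertises udp_size and sets DO."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!2H", qtype, 1)  # class IN
    # OPT: root owner name, TYPE=41, CLASS=UDP payload size, TTL=flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, DO_FLAG, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer is two bytes
            return off + 2
        off += 1 + n

def edns_udp_size(msg):
    """Return the advertised EDNS0 UDP payload size, or None without OPT."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass          # OPT reuses CLASS for the payload size
        off += 10 + rdlen
    return None

def is_truncated(msg):
    """True when the TC bit is set in the DNS header."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

# Constructed samples: a DNSKEY (type 48) query at the reduced size, and a
# header-plus-question reply with QR, TC, RD and RA set (flags 0x8380).
QUERY = build_query("pir.org", 48, 1280)
TRUNCATED_REPLY = (struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0)
                   + encode_name("pir.org") + struct.pack("!2H", 48, 1))
```
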
