[Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue
lzqhwo at gmail.com
Wed Aug 14 18:51:52 BST 2019
On Wed, 14 Aug 2019 at 18:43, Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 11/08/2019 21:01, Dominic Preston wrote:
> > Hi,
> > I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform.
> > I have compiled the latest version of dnsmasq with the following
> > configuration:
> > no-resolv
> > server=18.104.22.168
> > conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
> > dnssec
> > I stop systemd-resolved, run dnsmasq and issue the following command:
> > dig @127.0.0.1 pir.org
> > After that there's a long pause, and the result comes back with the
> > following line at the top of dig:
> > ;; Truncated, retrying in TCP mode.
> > dnsmasq log says:
> > dnsmasq: reducing DNS packet size for nameserver 22.214.171.124 to 1280
> > If I run this, dig comes back immediately with no pause and no TCP mode:
> > dig @126.96.36.199 pir.org
> > Any ideas why the first dig command has problems and the second dig
> > command is fine?
> > Thanks in advance.
> It's likely that the MTU for the path from 188.8.131.52 to you is limited,
> and a reply for one of the queries needed to verify the query is
> getting dropped. Hence dnsmasq reduces the packet size to the more
> conservative 1280, and the query has to be done over TCP.
> It works fast the second time because the information you're asking for
> is cached by dnsmasq.
Thanks Simon, that makes sense.
Is there a straightforward (non dnsmasq) network command I can run so
I can demonstrate this MTU issue to the Google Cloud team?
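
Added example, not part of the original thread and not dnsmasq code: the reply quoted above attributes the TCP fallback to large UDP replies being lost on the path, and this Python script sends a DNSSEC-enabled query with different advertised EDNS0 UDP sizes to see whether replies vanish at large sizes but arrive at small ones. The probe sizes other than 1280, the DNSKEY query type and all function names are assumptions chosen for illustration.

```python
import socket
import struct
import sys

TC_BIT = 0x0200  # "truncated" flag in the DNS header

def build_query(name, bufsize, qtype=48, txid=0x1234):
    """DNS query carrying an EDNS0 OPT record that advertises `bufsize`
    as the largest UDP reply we accept, with the DO (DNSSEC OK) bit set.
    qtype 48 is DNSKEY, assumed here because its replies tend to be large."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS field = UDP size, TTL field = flags (DO), RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x00008000, 0)
    return header + question + opt

def classify(reply):
    """'lost' if nothing came back, 'truncated' if TC is set, else 'ok'."""
    if reply is None or len(reply) < 12:
        return "lost"
    flags = struct.unpack("!H", reply[2:4])[0]
    return "truncated" if flags & TC_BIT else "ok"

def probe(server, name, bufsize, timeout=3.0):
    """Send one UDP query and report (status, reply length in bytes)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, bufsize), (server, 53))
        try:
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            reply = None
    return classify(reply), len(reply) if reply else 0

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]
    # 1280 is the size from the dnsmasq log line; the others are constructed probe points.
    for size in (4096, 1452, 1280, 512):
        status, length = probe(server, name, size)
        print(f"advertised={size:5d}  status={status:9s}  reply_bytes={length}")
```

Run it with the upstream server address and the domain as arguments. A result of "lost" at the largest size together with "truncated" or "ok" at 1280 is consistent with the path-MTU explanation given in the reply.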