[Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue

Dominic Preston lzqhwo at gmail.com
Wed Aug 14 18:51:52 BST 2019


On Wed, 14 Aug 2019 at 18:43, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> On 11/08/2019 21:01, Dominic Preston wrote:
> > Hi,
> >
> > I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform.
> > I have compiled the latest version of dnsmasq with the following
> > configuration:
> >
> > no-resolv
> > server=8.8.8.8
> > conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
> > dnssec
> >
> > I stop systemd-resolved, run dnsmasq and issue the following command:
> >
> > dig @127.0.0.1 pir.org
> >
> > After that there's a long pause, and the result comes back with the
> > following line at the top of dig:
> >
> > ;; Truncated, retrying in TCP mode.
> >
> > dnsmasq log says:
> >
> > dnsmasq: reducing DNS packet size for nameserver 8.8.8.8 to 1280
> >
> > If I run this, dig comes back immediately with no pause and no TCP mode:
> >
> > dig @8.8.8.8 pir.org
> >
> > Any ideas why the first dig command has problems and the second dig
> > command is fine?
> >
> > Thanks in advance.
> >
>
>
> It's likely that the MTU for the path from 8.8.8.8 to you is limited,
> and a reply for one of the queries needed to verify the query is
> getting dropped. Hence dnsmasq reduces the packet size to the more
> conservative 1280, and the query has to be done over TCP.
>
> It works fast the second time because the information you're asking for
> is cached by dnsmasq.
>
> Cheers,
>
> Simon.
>

Thanks Simon, that makes sense.

Is there a straightforward (non dnsmasq) network command I can run so
I can demonstrate this MTU issue to the Google Cloud team?

Regards,
Dom.
