[Dnsmasq-discuss] DNSSEC slow query / TCP/ truncated issue

Geert Stappers stappers at hendrikx-itc.nl
Thu Aug 15 07:51:09 BST 2019


On 14-08-2019 23:09, Dominic Preston wrote:

> On Wed, 14 Aug 2019 at 21:32, Geert Stappers <stappers at stappers.nl> wrote:
>> On Wed, Aug 14, 2019 at 06:51:52PM +0100, Dominic Preston wrote:
>>> On Wed, 14 Aug 2019 at 18:43, Simon Kelley <simon at thekelleys.org.uk> wrote:
>>>> On 11/08/2019 21:01, Dominic Preston wrote:
>>>>
>>>>
>>>> I have a fresh installation of Ubuntu 18.04 on Google Cloud Platform.
>>>>
 ...
>>>> It's likely that the MTU for the path from 8.8.8.8 to you is limited,
>>>> and a reply for one of the queries needed to verify the query is
>>>> getting dropped. Hence dnsmasq reduces the packet size to the more
>>>> conservative 1280, and the query has to be done over TCP.
>>>>
>>>> It works fast the second time because the information you're asking for
>>>> is cached by dnsmasq.
>>>>
>>>> Cheers,
>>>>
>>>> Simon.
>>>>
>>> Thanks Simon, that makes sense.
>>>
>>> Is there a straightforward (non dnsmasq) network command I can run so
>>> I can demonstrate this MTU issue to the Google Cloud team?
>>  https://duckduckgo.com/?q=test+MTU+size  does hint `ping`
>>
>> I don't know how well it goes in this situation.
>>
>>
>> The road that I would explore is how to mimic the dnsmasq request to
>> upstream DNS with `dig`.
>>
>> My attempt with `dig @8.8.8.8 pir.org ANY` returns "MSG SIZE  rcvd: 2509",
>> but no sign of ";; Truncated, retrying in TCP mode."
>>
>> Interesting problem.
>>
>>
> Just to check, are you testing on Google Cloud too Geert?
>
> `dig @8.8.8.8 pir.org ANY` works fine for me too.
>

No, I'm not on Google Cloud.


Regards

Geert Stappers

DevOps Engineer at Hendrikx-ITC
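
Added example, not part of the original thread and not dnsmasq code: a small UDP-only probe that mimics a DNSSEC-style upstream query at several advertised EDNS0 sizes, to show whether large replies are lost on the path as described above. The DNSKEY query type and every size except 1280 are assumptions chosen for illustration; the server and name are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, qtype=48, bufsize=4096, txid=0x1234):
    """DNS query with an EDNS0 OPT record: advertises bufsize and sets DO.
    qtype 48 (DNSKEY) is an assumed stand-in for a validation query."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, CLASS carries the UDP payload size,
    # TTL carries ext-rcode/version/flags (DO bit = 0x8000), empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x00008000, 0)
    return header + question + opt

def classify(reply):
    """Classify a raw UDP reply; None means nothing arrived before the timeout."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "malformed"
    flags = struct.unpack("!H", reply[2:4])[0]
    # TC bit set: the resolver would have to retry this query over TCP.
    return "truncated" if flags & 0x0200 else "ok"

def probe(server, name, bufsize, timeout=3.0):
    """Send one UDP query and return (classification, reply length)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, bufsize=bufsize), (server, 53))
        try:
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            return classify(None), 0
    return classify(reply), len(reply)

if __name__ == "__main__":
    # Sizes are assumptions except 1280, the conservative value named in the thread.
    for size in (4096, 1452, 1280, 512):
        print(size, probe("8.8.8.8", "pir.org", size))
```

A "timeout" at the larger sizes together with "ok" or "truncated" at 1280 is consistent with large UDP replies being dropped on the path; "ok" at every size points elsewhere.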





