Odpověď na dns dotaz je větší než 4096 bytes

Odpověď na dns dotaz je větší než 4096 bytes
« kdy: 08. 11. 2019, 12:44:06 »
Dobrý den,

v moji síti s turrisem mi nefungovala doména www(dot)aquapark-uh(dot)cz. Zjistil jsem, že když nastavím v konfiguraci unboundu msg_buffer_size na '5000', tak to začalo fungovat. Původní hodnota byla 4096.

Přes dig lze vyzkoušet, že odpověď na dns dotaz je 4288 bytes.
Kód: [Vybrat]
dig +dnssec www.aquapark-uh.cz @77.78.104.149
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.10.3-P4-Debian <<>> +dnssec www.aquapark-uh.cz @77.78.104.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2968
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 8, ADDITIONAL: 33
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 65535
;; QUESTION SECTION:
;www.aquapark-uh.cz. IN A

;; ANSWER SECTION:
www.aquapark-uh.cz. 600 IN CNAME aquapark-uh.cz.
www.aquapark-uh.cz. 600 IN RRSIG CNAME 7 2 600 20200902100339 20190903100339 56890 aquapark-uh.cz. EPulMLKaCZ7lbcREJzj63uGTdKI4cXY2jifnK4qS/VodEUyF4P5SoDd+ W2wD6pdiKe+PAc7uNx7BzEezJMbKQ/LECL0lvkLrLbfhpa85g0rBtaQn fhSD1+H++Bv5vo2an/BL1J/afku4xqpjkFk5wgRZdrB6eXP9xTslkRE+ dbWmP6OesHplw1BQvPUGVU8Dfg8YzSxRPwYugmmipfKoYpZEMAn3tIwa kmdiW889YBVQA0vv+it4VgtuuFv6RWUbCfjoouVqvlpcgq1lXxFN5Fur s39ajfowqGDHpwl2rSWRTmVGguscNG96b5c2XXHyKNdBkQNQm+otHd2l b5FTO4NaBkbWfkLjlhbEaKz/+c+D/kHCKKTT3oaFDwegZioHkzwjgFkv Ii/CUko0CmIB1/xgmFcG0knwbWo3C7K706W4Y0FYkFMRLQ1821taEgnv E3LWOFfVwUP/ObFrMfG1FDiz4nHWH33BEdOPAA2HtGqITh4UG3HHCon+ 7tY1sCP4H2E2UPPARnUa5jq/zCUELTEt2tELE69Xb0HTes8oIy/66xGc KH5tunG16v3/7s0f/tzLaaAC88WFoHiL+OmgD1iQtlXF+i1RL0nrvzAh bfEjXMRxUyH6bUbeHk3u2brq8ATQVQoEV3hBwSglWus1b+b6am2WAhNe xaZMdpZV+P0=
aquapark-uh.cz. 600 IN A 46.28.105.54
aquapark-uh.cz. 600 IN RRSIG A 7 2 600 20200902100339 20190903100339 56890 aquapark-uh.cz. IDRMTubzn/XzK29w05LLAjF3mZj9pOMi69L5d97859+WXnmqtHbyU8pG ClwoMDNtYyRhojuAcPwsMw+CeNNBlDGNttLERa689sljD5z5NU+O13ZS Xtj8uXWi3WjlS2kOXbBnxeqTwiZVmBKML9xQ7SVxSJnViImhm+eVUl9i tPqHbMfpOysEqnZ1UhO4MQIIXqwgf2LsVM798IWAwL9NP/tnseqCIXoJ MZ2sIWC0bmbG5lChrgXSPsevmjN5SKGVnOhruVl7kMA61VrzCdCRiwOJ sJEMoQyjHGXLHkYSRMQCLaWLrKNnLPgLG4mcwfppjNX6NX+2tamG0Lf4 tEdXSdhWRuE2PHxtuZzmX7Ccc/8HHD0OgHOSErwbTU6kBgtv7OfswoUk UPfSDw20j4GpbpIFN6slvY4AcswzGJFATiSk1mHxE6SQ6KwDqel+YM08 FYP3HMd9ZTPymW3DLLbOjA6/6R7EgFnYcTuk7/7vUZLvgdgqusoYV8Ld g759Js5993LMIS2lZucUi7W9C7DHS3wA6a3CrPqDa8VlxjYfmt77e9zV ECLjLKtfMJng2m1LNH9CnljJqO6EfuRnRkZCFG3hXQIuMi0aT4vjoksL SUNwzJQzj6bHnHu2pt1arcfuFb9la3P+Sme0KNief6xrauZKaGN+EvJj iCGo4YBjAYs=

;; AUTHORITY SECTION:
sip.aquapark-uh.cz. 1800 IN NSEC aquapark-uh.cz. CNAME RRSIG NSEC
sip.aquapark-uh.cz. 1800 IN RRSIG NSEC 7 3 1800 20200902100339 20190903100339 56890 aquapark-uh.cz. hRRU9fk14BonrOVFajeFVyrzE2shCRkzPYC2ntDAAGN/0MOqM4WxUqQi l1JhlOveE9u0UBTRKqSlpln6PQpMOXmdiXBpUmRbkfWpTILGUuOlwlxS zzQcCUZtOQn/y1vKea8xNjaVVpYHou6tzYKxVV0MX5JVGL7/N0VGi5Rp 3Wl7isyC6SoAMz8DJ2MD+0y6+DrCwnED7ygSnvtqJUUxK9myEySg/NTc vJ3gnV9STYG0/xPLzarubep3oqaKE1x3/zwOOcTqHAEUASep8+p++7OL K2eFKl3nJhy2bKIG8+zYRaBeQFLdDECQHS/Q3nKsHwKlPig+JF2ZAELe L0p6BEsu8EfkajXFvvKHX9+8fX2+WmSwzijpNTN1XoVUikPb1kAp2lIc fFxpd08BPdrrTzy2vnWuNJ06sSu5SNpjH4EZnYlDXHUAJuWBU4Mv3NSA Sk6fdlymHVavGMZmA8DhYZPMHe9PqF2n7P08wNEb5FzcjW4SkWj6FzMA 1GVe9QclFQgXACP3U5j3YNBi0prU8cpUxdBwMI1clvy1PZbFY6uMiUh+ cDPtyHPuZSnaKYFh2ySbtw1tFoqUPmXYgbvnFBg4efuCeKhJ6exNbaGl VZftWrpBXfzcpwLLRFI8jqkQDyZd6mPLVkxodneXZubX1X9LbdpIknHh NbwsnAFQ3wk=
aquapark-uh.cz. 1800 IN NS ns4.gransy.com.
aquapark-uh.cz. 1800 IN NS ns3.gransy.com.
aquapark-uh.cz. 1800 IN NS ns2.gransy.com.
aquapark-uh.cz. 1800 IN NS ns5.gransy.com.
aquapark-uh.cz. 1800 IN NS ns.gransy.com.
aquapark-uh.cz. 1800 IN RRSIG NS 7 2 1800 20200902100339 20190903100339 56890 aquapark-uh.cz. vg4EhOX+r0/p2M/CFnXXrjeIrDw08l7GkuJ3OAN/acQ7XB7sxFRn1Iiq l73YCtHSImti31f1FY2+GP3bfCnDdHTLa0vVRdOo/fNgdvKAlwLIW1a/ 2yQnEQlCkzBt87fLvx91qoDvqaeANucRd8wmMfr7xqK7NxCgbkvOn4rj n3Vui1Fz7YT3Tw37sE87hGmR7V5wOx5nGUeVSTISVP6EgpIROIRFo8bz Pg/LUQxc2ddf88tUUO/I00lzNmgp0u2cG00qtlUpGxRhiKLhOy7g2Au6 HSFczQtxeLdQN6gqaJQ/u89H6W04BHgmK/8m1YXsYmMYnPp0ddjBoi4I Udhw+4yYB0SgpIE+KXlUmrhGU+MpF4ygdZ1VwQwkqJUiv1J7J1j7GTTI 4zswiBQdqE9I+cqk0gwthHsnEVvPZmivahZB4I+sRunDX+0sHG0V+WgM TOwyCfMo01sHcDq9d0lCZQ3SiHYdqHlIw2mbCcpL0ia5csRy2Xjd+5TD zJYiP6vsJM6pL26fFxCX9/BOqqVgVuwbGca2d2FtKTr9A24N1321yXOy KzozzS8DV9tOxWOMVt6ZyiXcqHm0FodPM1HM/UPgiEBD+RwCwYGyc4JA 8v8hRIGi939Ia5Chg2BoMGvR2iDnkt+HHBdmaPFO+Lkxqpgw+XoFiy9G MGOxG8uewwU=

;; ADDITIONAL SECTION:
ns.gransy.com. 1800 IN A 77.78.104.149
ns.gransy.com. 1800 IN A 95.179.136.180
ns.gransy.com. 1800 IN A 45.76.90.43
ns.gransy.com. 1800 IN AAAA 2001:19f0:5001:1caf:5400:1ff:fec5:8d50
ns2.gransy.com. 1800 IN A 217.16.185.221
ns2.gransy.com. 1800 IN A 217.69.4.49
ns2.gransy.com. 1800 IN A 95.179.192.121
ns2.gransy.com. 1800 IN AAAA 2001:19f0:7401:81e0:5400:1ff:fec5:8ef6
ns2.gransy.com. 1800 IN AAAA 2001:19f0:6801:474:5400:1ff:fec5:8efb
ns3.gransy.com. 1800 IN A 46.21.100.103
ns3.gransy.com. 1800 IN A 77.78.126.35
ns3.gransy.com. 1800 IN A 109.74.7.71
ns3.gransy.com. 1800 IN AAAA 2a02:750:8::32
ns3.gransy.com. 1800 IN AAAA 2a02:750:7::2e7
ns4.gransy.com. 1800 IN A 80.67.7.209
ns4.gransy.com. 1800 IN A 66.42.94.136
ns4.gransy.com. 1800 IN AAAA 2001:19f0:5401:69b:5400:1ff:fec5:8f3f
ns4.gransy.com. 1800 IN AAAA 2a00:1a28:2010:1::89
ns5.gransy.com. 1800 IN A 31.192.227.223
ns5.gransy.com. 1800 IN A 159.253.29.4
ns5.gransy.com. 1800 IN AAAA 2a02:750:14:1::80
ns5.gransy.com. 1800 IN AAAA 2a02:750:5::538
ns.gransy.com. 1800 IN RRSIG A 14 3 1800 20201024153403 20191025153403 60359 gransy.com. uDwBVXjfabQEbl3BIWPD1GXM0roxH4C5UQtmmF2eY+9U+k6k18W8+PmJ Gkc/3oEYyF4t3pkeVc0BnlmWpAqVKvVGPVp5ry7TZ39gX093XTk+M0nv HhhZqRPYrILO5UP5
ns.gransy.com. 1800 IN RRSIG AAAA 14 3 1800 20201024153403 20191025153403 60359 gransy.com. eSsRKXYNLJ7IKxmUJc8exOWM6pIrUOsEE4Na0UmPALxloAw0zUu398jw 7b9vL0UR8ZYt1QgzH4OTWPu8JwP3ok1JEwLVRepMbKx+unZn6Q0fedfO G6wt6+fwiqwezTOu
ns2.gransy.com. 1800 IN RRSIG A 14 3 1800 20201024153403 20191025153403 60359 gransy.com. +IPjvX4B85M7dv8yQPeCAuPkQVbRAPtLQ14nJHaOyoSybMBYBI8EuGMe rcDvlvb4zdcorMkQcE1Ha6ywxH6MStjJOuVODN+ohfACdiOawhOcOTb+ Eh9+5uvw7lWLmEP0
ns2.gransy.com. 1800 IN RRSIG AAAA 14 3 1800 20201024153403 20191025153403 60359 gransy.com. Hj4j0dZTK38SGA9t2OHtWQXcytZM5Txb6OFbhBP/WNCWOUH2rdgS06Np hkzM+5+XX+AhBiz3X8cvxU6kXcXc55AsvaLtcynqwxfTmC2PKBUe1Aj5 sD6GibQ1D1GSgErt
ns3.gransy.com. 1800 IN RRSIG A 14 3 1800 20201024153403 20191025153403 60359 gransy.com. oG7PUVUarZN8ueU5PhFylcdN4Mp4nJgdF53/VIRIgq3dciJYlvNn3bq4 Zjf3nLniT0Tnmb6OvgakmXYNVnb5jsYV7wKo6qKogVUUYq98SwnPmBYI xe8Te8NEpfgVZjU3
ns3.gransy.com. 1800 IN RRSIG AAAA 14 3 1800 20201024153403 20191025153403 60359 gransy.com. L22trLb789sDF0Js28jUi0Wmv/ma24S8f9Xdt1RyfadXjyh3nzzB9uGb 2l48EzPxn0/l9heXYFNzieWO1C18TznaupR4RgJ0qu+mHZ9v6fq/UZte 0NiEPPSeE4sR3KPI
ns4.gransy.com. 1800 IN RRSIG A 14 3 1800 20201024153403 20191025153403 60359 gransy.com. F6Xbzu0QfKuHCrvNbX6TMySCDtu7z1oMI/xyfPUjmewtcB9QVFjynBri wu+91KvqrxSx7TEI2VnFSU2Wut8qNGwJgjeafEdizfZwvNtcLsL9PEal CszPNFCA2JSM5CSx
ns4.gransy.com. 1800 IN RRSIG AAAA 14 3 1800 20201024153403 20191025153403 60359 gransy.com. 3zuygcsNrdZnEFlFcsIp0YJ8JYRZqeUIyyI0Ey3jCLdLPZ3Zc1HKKIt4 JG4D8if+Sd6KoosCTtxYa4tvcQfG+CxBXb0R12AHzGcDsdRhRmVUYZ4D agH7RVy5nuLUpz3J
ns5.gransy.com. 1800 IN RRSIG A 14 3 1800 20201024153403 20191025153403 60359 gransy.com. FjY3o9BjhhoqHo/RTYEJ7XLCEj/HI7QA7ukqJaRz8MrqMv+r+0lgw18/ 3IiOIAVUu0dZUlsqiJlpREaua+XFi7/pRbQGrpUMTq24xJYZzRoZoxhm zFh6qozWZq209b+V
ns5.gransy.com. 1800 IN RRSIG AAAA 14 3 1800 20201024153403 20191025153403 60359 gransy.com. X9lL/5vAj1MKYfi4mXuA4+Ea8gXQrc0y4UidKZMu8bc1/dJ1q6RLjdCl 5sgoFDqNoqyYGVrkalpuK6k0SfU8dGfA6nmR/mmUIxvSyR5+prfjXzBz LrgZxSfYTi7MAIht

;; Query time: 11 msec
;; SERVER: 77.78.104.149#53(77.78.104.149)
;; WHEN: Fri Nov 08 12:40:42 CET 2019
;; MSG SIZE  rcvd: 4288

Je špatně, že odpověď dns je větší než 4096 bytes? Nebo si mám zvětšit buffer v konfiguraci unbound?


Re:Odpověď na dns dotaz je větší než 4096 bytes
« Odpověď #1 kdy: 08. 11. 2019, 18:57:15 »
https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Citace
       msg-buffer-size: <number>
              Number of bytes size of the message buffers.  Default  is  65552
              bytes,  enough  for 64 Kb packets, the maximum DNS message size.
              No message larger than this can be  sent  or  received.  Can  be
              reduced to use less memory, but some requests for DNS data, such
              as for huge resource records, will result in a SERVFAIL reply to
              the client.

Asi sa setrilo na pamatovej narocnosti, ked si mal iba 4096 bytov nastavene.

Re:Odpověď na dns dotaz je větší než 4096 bytes
« Odpověď #2 kdy: 08. 11. 2019, 19:40:43 »
Tohle je skutečně evidentně chyba v konfiguraci Unbounda v TurrisOS. Nahlásil jsem to.