DNS UDP packet size really means datagram?

xxiii · October 28, 2010, 6:32pm

I am assuming that in the DNS settings, the Max UDP packet size parameter really means datagram (which can be made up of more than one packet).

Can anyone confirm or deny this?

fewi · October 28, 2010, 6:56pm

DNS over UDP is limited to 512 bytes (RFC 1035, section 2.3.4 and 4.2.1). Messages that are larger in size are truncated to 512 bytes and the TC flag is set, triggering the client to re-query using TCP. DNS doesn’t support splitting a UDP payload smaller than 512 bytes into more than one packet.
While there were (compatible) proposed changes to RFC1035 pushing the UDP size limit upwards as far as I know they were never officially ratified. Don’t know if RouterOS supports them.

changeip · October 28, 2010, 8:34pm

EDNS can now use larger packets than 512. Not sure if thats payload or reassembled, but I know for a fact Ive seen them larger than 512 lately.

http://tools.ietf.org/html/rfc2671

Also, you can use this tool to check your path to see if your missing out or not:

https://www.dns-oarc.net/oarc/services/replysizetest

fewi · October 29, 2010, 12:31am

So it was ratified! Nice link.

xxiii · October 29, 2010, 12:48am

I’ll have to take a look at those, I saw discussion elsewhere in these forums about IPv6 DNS responses potentially not fitting in 512, and people upping the value, for instance to 4096, which means either that its really datagram, or they have increased their (or its assuming larger) MTUs.

Occasionally, when we’ve tried to switch to using RouterOS as a DNS cache for our clients, we have the occasional Macintosh user who starts having DNS issues, and was wondering if it could be related. However if the RFC specifies 512, then its probably something else, or Apple flipping off the established standards again.

I’ll take a look at those links, but anyone having Macintosh DNS issues with RouterOS?

fewi · October 29, 2010, 1:00am

Ran the test from the linked site on Snow Leopard just now and it comes back with 512 bytes and no EDNS support.

changeip · October 29, 2010, 4:38pm

RouterOS dns server isnt broken, but its limited.

pausing for a moment before i hit submit…

Okay, its broken. Try entering 4096 in the max field and see if it helps that reply size test. If it doesn’t, bypass the routeros dns cache and try it again. See the difference.

fewi · October 29, 2010, 4:51pm

Whoops, and I tested wrong assuming Google’s DNS would support EDNS. 8.8.8.8 anycasts to the closest Google DNS, and they won’t do more than 512 bytes. Snow Leopard is able to handle 4096 bytes just fine.