trouble with .gov dns?

William Herrin bill at herrin.us
Mon May 2 11:01:06 CDT 2011


Hi Folks,

Anyone else having trouble with .gov DNS failing with edns-udp-size set to 512?

Here's what I'm seeing:

No edns-udp-size setting.
tcpdump -n -s 0 -vv -i eth1 host 209.112.123.30 or host 69.36.157.30
nslookup www.nsf.gov 127.0.0.1

11:42:36.574916 IP (tos 0x0, ttl 64, id 21833, offset 0, flags [none],
proto UDP (17), length 68) 71.246.241.146.10399 > 69.36.157.30.53:
[udp sum ok] 56983 [1au] A? www.nsf.gov. ar: . OPT UDPsize=4096 OK
(40)
11:42:36.659636 IP (tos 0x0, ttl 249, id 54334, offset 0, flags
[none], proto UDP (17), length 598) 69.36.157.30.53 >
71.246.241.146.10399: [udp sum ok] 56983- q: A? www.nsf.gov. 0/7/5 ns:
nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS
cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov.
DS, nsf.gov. RRSIG ar: swirl.nsf.gov. A 198.181.231.15, whirl.nsf.gov.
A 198.181.231.16, cyclone.nsf.gov. A 204.14.134.227, twister.nsf.gov.
A 198.181.231.17, . OPT UDPsize=1472 (570)

edns-udp-size 512
tcpdump -n -s 0 -vv -i eth1 host 209.112.123.30 or host 69.36.157.30
nslookup www.nsf.gov 127.0.0.1
11:53:01.604105 IP (tos 0x0, ttl 64, id 21834, offset 0, flags [none],
proto UDP (17), length 68) 71.246.241.146.58103 > 69.36.157.30.53:
[udp sum ok] 10320 [1au] A? www.nsf.gov. ar: . OPT UDPsize=512 OK (40)
11:53:01.690414 IP (tos 0x0, ttl 249, id 28744, offset 0, flags
[none], proto UDP (17), length 534) 69.36.157.30.53 >
71.246.241.146.58103: [udp sum ok] 10320- q: A? www.nsf.gov. 0/7/1 ns:
nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS
cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov.
DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (506)
11:53:01.695000 IP (tos 0x0, ttl 64, id 20662, offset 0, flags [none],
proto UDP (17), length 70) 71.246.241.146.23911 > 209.112.123.30.53:
[udp sum ok] 18982% [1au] A? whirl.nsf.gov. ar: . OPT UDPsize=512 OK
(42)
11:53:01.695489 IP (tos 0x0, ttl 64, id 20663, offset 0, flags [none],
proto UDP (17), length 70) 71.246.241.146.63892 > 209.112.123.30.53:
[udp sum ok] 3675% [1au] AAAA? whirl.nsf.gov. ar: . OPT UDPsize=512 OK
(42)
11:53:01.695931 IP (tos 0x0, ttl 64, id 20664, offset 0, flags [none],
proto UDP (17), length 70) 71.246.241.146.37019 > 209.112.123.30.53:
[udp sum ok] 36777% [1au] A? swirl.nsf.gov. ar: . OPT UDPsize=512 OK
(42)
11:53:01.696274 IP (tos 0x0, ttl 64, id 20665, offset 0, flags [none],
proto UDP (17), length 70) 71.246.241.146.15021 > 209.112.123.30.53:
[udp sum ok] 13755% [1au] AAAA? swirl.nsf.gov. ar: . OPT UDPsize=512
OK (42)
11:53:01.696653 IP (tos 0x0, ttl 64, id 20666, offset 0, flags [none],
proto UDP (17), length 72) 71.246.241.146.38082 > 209.112.123.30.53:
[udp sum ok] 14449% [1au] A? cyclone.nsf.gov. ar: . OPT UDPsize=512 OK
(44)
11:53:01.697045 IP (tos 0x0, ttl 64, id 20667, offset 0, flags [none],
proto UDP (17), length 72) 71.246.241.146.28219 > 209.112.123.30.53:
[udp sum ok] 38858% [1au] AAAA? cyclone.nsf.gov. ar: . OPT UDPsize=512
OK (44)
11:53:01.699294 IP (tos 0x0, ttl 64, id 20668, offset 0, flags [none],
proto UDP (17), length 72) 71.246.241.146.50745 > 209.112.123.30.53:
[udp sum ok] 53248% [1au] A? twister.nsf.gov. ar: . OPT UDPsize=512 OK
(44)
11:53:01.700257 IP (tos 0x0, ttl 64, id 20669, offset 0, flags [none],
proto UDP (17), length 72) 71.246.241.146.21482 > 209.112.123.30.53:
[udp sum ok] 56185% [1au] AAAA? twister.nsf.gov. ar: . OPT UDPsize=512
OK (44)
11:53:01.780833 IP (tos 0x0, ttl 251, id 9453, offset 0, flags [none],
proto UDP (17), length 536) 209.112.123.30.53 > 71.246.241.146.23911:
[udp sum ok] 18982- q: A? whirl.nsf.gov. 0/7/1 ns: nsf.gov. NS
swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS
cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov.
DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508)
11:53:01.781284 IP (tos 0x0, ttl 251, id 24142, offset 0, flags
[none], proto UDP (17), length 536) 209.112.123.30.53 >
71.246.241.146.63892: [udp sum ok] 3675- q: AAAA? whirl.nsf.gov. 0/7/1
ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov.
NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS,
nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508)
11:53:01.781999 IP (tos 0x0, ttl 251, id 9454, offset 0, flags [none],
proto UDP (17), length 536) 209.112.123.30.53 > 71.246.241.146.37019:
[udp sum ok] 36777- q: A? swirl.nsf.gov. 0/7/1 ns: nsf.gov. NS
swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS
cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov.
DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508)
11:53:01.782136 IP (tos 0x0, ttl 251, id 24143, offset 0, flags
[none], proto UDP (17), length 536) 209.112.123.30.53 >
71.246.241.146.15021: [udp sum ok] 13755- q: AAAA? swirl.nsf.gov.
0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov.,
nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov.
DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (508)
11:53:01.782552 IP (tos 0x0, ttl 251, id 9455, offset 0, flags [none],
proto UDP (17), length 538) 209.112.123.30.53 > 71.246.241.146.38082:
[udp sum ok] 14449- q: A? cyclone.nsf.gov. 0/7/1 ns: nsf.gov. NS
swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS
cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov.
DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510)
11:53:01.782937 IP (tos 0x0, ttl 251, id 24144, offset 0, flags
[none], proto UDP (17), length 538) 209.112.123.30.53 >
71.246.241.146.28219: [udp sum ok] 38858- q: AAAA? cyclone.nsf.gov.
0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov.,
nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov.
DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510)
11:53:01.785168 IP (tos 0x0, ttl 251, id 9456, offset 0, flags [none],
proto UDP (17), length 538) 209.112.123.30.53 > 71.246.241.146.50745:
[udp sum ok] 53248- q: A? twister.nsf.gov. 0/7/1 ns: nsf.gov. NS
swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov., nsf.gov. NS
cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov. DS, nsf.gov.
DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510)
11:53:01.786251 IP (tos 0x0, ttl 251, id 24145, offset 0, flags
[none], proto UDP (17), length 538) 209.112.123.30.53 >
71.246.241.146.21482: [udp sum ok] 56185- q: AAAA? twister.nsf.gov.
0/7/1 ns: nsf.gov. NS swirl.nsf.gov., nsf.gov. NS whirl.nsf.gov.,
nsf.gov. NS cyclone.nsf.gov., nsf.gov. NS twister.nsf.gov., nsf.gov.
DS, nsf.gov. DS, nsf.gov. RRSIG ar: . OPT UDPsize=1472 (510)


So with edns-udp-size set to 512 it looks like the .gov servers
(a.gov-servers.net, b.gov-servers.net) refuse to ever return the
necessary glue for the nsf.gov DNS servers. Am I reading this right?

Thanks,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list