DNS was [Gllug] IPSec
Tom Gilbert
tom at linuxbrit.co.uk
Tue Feb 12 15:25:19 UTC 2002
* Richard Cottrill (richard_c at tpg.com.au) wrote:
> I'm curious; what's a 'large' DNS query? Is that where you store a HUGE
> FQDN, or when you store other stuff in a DNS (like keys for IPSec)? Is it
> only appropriate for lookups or for reverse lookups as well?
>
> Apart from name/IP data and IPSec stuff (which initially surprised me) what
> else do people put in DNS? What are the limitations?
The maximum DNS response packet size is 512 bytes afair.
There's a bunch of different data you can store in DNS, and large
responses are fairly common. For example, TXT records can be very big.
The spec requires clients to notice truncated responses and retry using
TCP - _few_ clients are capable of this however.
Another example of big packets are round-robin virtual addresses, where
the DNS server might return 10 IP addresses for one hostname lookup.
Interesting URL:
http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-dnsind-udp-size-02.txt
Quote:
DNS over UDP is constrained to one packet for the request, which is
normally no problem as requests are usually small, and one packet for
response, which can be a problem. The DNS data portion of DNS UDP
packets is currently limited to 512 bytes. The standard states that
if the data required to be in the response to a UDP request does not
fit in 512 bytes, a truncation flag bit is set in the response and
the resolver must try again using TCP with TCP's substantially higher
set up and tear down overhead.
As signatures and/or keys are included in more responses due to DNS
security [RFC 2065] and average domain names get longer and larger
addresses for IPv6 [RFC 1886] come into use and there are increasing
numbers of instances of larger RRsets, the old UDP response size
limit will increasingly be exceeded. Yet the bulk of the network has
MTUs on the order of the Ethernet MTU or larger (in some cases
simulated by link adaptation layers that disguise a smaller physical
MTU) and all modern IP stacks can handle buffering of that size or
larger.
Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
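The 512-byte UDP limit, the TC bit and the fall-back to TCP described above, as an added example that is not part of this thread: it builds a minimal DNS response in wire format, sets TC when the message would exceed 512 bytes, and shows the client-side check and the 2-byte length framing DNS uses over TCP. It assumes no name compression and no EDNS0 (the draft linked above is about lifting exactly this limit); the names and addresses are constructed sample data.

```python
import struct

DNS_UDP_MAX = 512  # classic RFC 1035 limit on the DNS payload of a UDP message
TC_FLAG = 0x0200   # TrunCation bit in the 16-bit flags word of the header

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression pointers)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, rdatas, rtype=1, ttl=300, txn_id=0x1234):
    """Server side: header + one question + one RR per rdata (rtype 1 = A, 16 = TXT).
    If the whole message would not fit in 512 bytes, answer with an empty answer
    section and TC set, so the client knows it must retry over TCP (simplified:
    a real server may still include as many complete RRs as fit)."""
    question = encode_name(qname) + struct.pack("!HH", rtype, 1)  # QTYPE, QCLASS=IN
    answers = b""
    for rdata in rdatas:
        answers += encode_name(qname) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    flags = 0x8180  # QR=1 (response), RD=1, RA=1, RCODE=0
    msg = struct.pack("!HHHHHH", txn_id, flags, 1, len(rdatas), 0, 0) + question + answers
    if len(msg) > DNS_UDP_MAX:
        msg = struct.pack("!HHHHHH", txn_id, flags | TC_FLAG, 1, 0, 0, 0) + question
    return msg

def is_truncated(msg):
    """Client side: the check the spec requires before trusting a UDP answer."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def answer_count(msg):
    """ANCOUNT field of the header."""
    return struct.unpack("!H", msg[6:8])[0]

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    # Constructed round-robin set: 16 A records for one name push the reply past 512 bytes.
    addrs = [b"\x0a\x00\x00" + bytes([i]) for i in range(16)]
    udp = build_response("www.example.com", addrs)
    print(len(udp), "bytes, TC set:", is_truncated(udp), "answers:", answer_count(udp))
    if is_truncated(udp):
        print("retry over TCP, first two bytes:", frame_for_tcp(udp)[:2].hex())
```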
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug