set the truncated header when sending large responses via UDP and enable compression #205
Comments
|
Hey, Just for my understanding: you have following configuration: A sends DNS request to B via UDP and receives truncated response, but without "truncated" flag, correct? If yes, which protocol is used for C? If UDP, is the truncated flag set in response from C? |
|
A (Aruba AP) <--------> B (blocky) <--------> C (cloudflare dns, tcp+udp 1.1.1.1 by being lazy and not defining a protocol) All my normal backends are DoH or tcp-tls. In trying to diagnose this, I set a conditional upstream for this client so everything it sends to blocky goes direct to cloudflare. the block looks like this |
|
Does it mean, the response from cloudflare is also UDP > 512b and without "truncated" flag? |
|
The response direct from cloudflare is significantly smaller on the wire. 230b. It doesn't have a edit: "truncated" bit set. |
|
hm. interesting. Responses from upstream DNS are forwarded without modifications and stored in internal cache. I'll have to analyze it. Can you provide the request query, which produces > 512b response without truncated flag, so I can test it, please? |
|
Sure, happy to provide the query and my pcaps. Do you have a method I could use to communicate it privately? |
|
You can send me an email (use my email address from git commit history). |
|
Thank you for providing detailed information. I can reproduce the result with bigger messages: cloudflare dig @1.1.1.1 microsoft.com ✔ at 22:18:20 100%
; <<>> DiG 9.16.15 <<>> @1.1.1.1 microsoft.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19947
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;microsoft.com. IN A
;; ANSWER SECTION:
microsoft.com. 2479 IN A 104.215.148.63
microsoft.com. 2479 IN A 40.112.72.205
microsoft.com. 2479 IN A 13.77.161.179
microsoft.com. 2479 IN A 40.113.200.201
microsoft.com. 2479 IN A 40.76.4.15
;; Query time: 70 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri May 07 22:18:32 CEST 2021
;; MSG SIZE rcvd: 122
blocky dig @localhost -p 55555 microsoft.com ✔ at 22:18:32 100%
; <<>> DiG 9.16.15 <<>> @localhost -p 55555 microsoft.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27357
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;microsoft.com. IN A
;; ANSWER SECTION:
microsoft.com. 2441 IN A 40.76.4.15
microsoft.com. 2441 IN A 13.77.161.179
microsoft.com. 2441 IN A 104.215.148.63
microsoft.com. 2441 IN A 40.113.200.201
microsoft.com. 2441 IN A 40.112.72.205
;; Query time: 0 msec
;; SERVER: ::1#55555(::1)
;; WHEN: Fri May 07 22:19:06 CEST 2021
;; MSG SIZE rcvd: 176Last line (MSG SIZE) shows the message size. Plain query on 1.1.1.1 ->122 bytes, blocky 176 bytes. The problem is: used dns library does not enable the name compression (https://tools.ietf.org/html/rfc1035#section-4.1.4) by default |
Qapf
changed the title
0xERR0R
changed the title
|
Compression is enabled by default now. Also truncation was implemented: if EDNS is used, UDP size from request header (OPT record) is used. If non edns request: 512 for UDP and 64K for TCP. |
|
@Qapf thank you for your support! 🤝 |
I've an Aruba Instant On AP12 and it refuses to come online and work when Blocky is the dns resolver.
Taking a packet capture and looking at the conversation, it appears blocky isn't setting the truncated bit in the response headers when this response is larger than 512b.
The Aruba AP's dns client doesn't support edns0, so, not seeing the truncated header it doesn't then query again via TCP to get the full response.
Would it be possible to get a conditional flag for "older client" where I can tell blocky this particular endpoint won't support large UDP responses and it needs to set the header?
The text was updated successfully, but these errors were encountered: