Bug 4236 - IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big
IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big
Status: RESOLVED FIXED
Product: NSD
Classification: Unclassified
Component: NSD Code
4.1.x
All All
: P5 minor
Assigned To: NSD team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-09 08:02 CET by Daisuke HIGASHI
Modified: 2019-03-11 12:25 CET (History)
1 user (show)

See Also:


Attachments
IPV4_MINIMAL_RESPONSE_SIZE patch for NSD 4.1.26 (1.31 KB, application/octet-stream)
2019-03-09 08:02 CET, Daisuke HIGASHI
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daisuke HIGASHI 2019-03-09 08:02:15 CET
Created attachment 567 [details]
IPV4_MINIMAL_RESPONSE_SIZE patch for NSD 4.1.26

[tdtr]
I suggest to change a constant defined in packet.h to:

 IPV4_MINIMAL_RESPONSE_SIZE 1460

A patch attached.


[Description]

NSD makes effort to shorten UDP DNS response size avoiding truncation as per RFC2181 section 9. Basically the message size limit is requester's advertised EDNS buffer size or 512bytes (no-EDNS case).

Furthermore NSD defines another limit (packet.h):

IPV4_MINIMAL_RESPONSE_SIZE 1480
IPV6_MINIMAL_RESPONSE_SIZE 1220

Seeminly this feature is to avoid IP fragmentation. This is good feature, but 1480 for IPv4 is slightly too big.


Assuming IPv4 MTU on standard Ethernet, UDP payload size not to be fragmented is:

  1500 (IPv4 MTU on standard Ethernet)
   - 20 (IPv4 header)
   - 8 (UDP header)
  = 1472

And, it seems that IPV4_MINIMAL_RESPONSE_SIZE doesn't contain size of EDNS OPT record. So exact value for IPV4_MINIMAL_RESPONSE_SIZE will be:

  1500 (IPv4 MTU on standard Ethernet)
   - 20 (IPv4 header)
   - 8 (UDP header)
   - 11 (EDNS OPT record without any option)
  = 1461
    ~~~~

Note that, in case of NSD, OPT record may contain NSID option. But it is OK to consider only an OPT record without any option because NSID is used for diagnostic purpose only. We will be have to consider decreasing this value more when NSD implements other EDNS options (e.g. client-subnet)


For IPV6_MINIMAL_RESPONSE_SIZE the exact value will be:

  1280 (IPv6 minimum MTU)
   - 40 (IPv6 Header)
   - 8 (UDP header)
   - 11 (EDNS OPT)
  = 1221
    ~~~~
(Sorry for long description)

For simplicity I suggest these value:
IPV4_MINIMAL_RESPONSE_SIZE 1460 (changed from 1480)
IPV6_MINIMAL_RESPONSE_SIZE 1220 (unchanged)
Comment 1 Wouter Wijngaards 2019-03-11 12:25:40 CET
Hi Daisuke,

Thank you for the patch and calculation.  I have applied the fix and suggested values.

Best regards, Wouter