NSD SRV rr return limit

Hi All,

Is there a limit to the number of SRV records that NSD will return, outside of the upper bound on packet size? I have a name that has ~18 SRV records, and I only see the same four, always. The packet size out on the wire is 260B, so I would expect we could cram some more in there, and I am not sure why we are only ever seeing the same five.

I wanted to ask before burning time on a source-code code-dive. I am using nsd 3.2.5.

Thanks,
Will Pressly

Remember NSD doesn’t rotate records in the same set (or in any case). Also, you aren’t going through a caching server, are you?

$ dig @192.168.2.231 _autodiscover._tcp.example.org srv

;; QUESTION SECTION:
;_autodiscover._tcp.example.org. IN SRV

;; ANSWER SECTION:
_autodiscover._tcp.example.org. 30 IN SRV 1 100 25 mail.example.org.
_autodiscover._tcp.example.org. 30 IN SRV 2 100 25 mail.example.org.
_autodiscover._tcp.example.org. 30 IN SRV 3 100 25 mail.example.org.
_autodiscover._tcp.example.org. 30 IN SRV 4 100 25 mail.example.org.
_autodiscover._tcp.example.org. 30 IN SRV 5 100 25 mail.example.org.

;; AUTHORITY SECTION:
example.org. 360 IN NS ns1.example.org.
//end snip

That was just me quickly creating some entries on a test zone. Often caching servers limit the number of RRs to whatever they feel like (4 seems common). That’s just my experience.

-Bryan

Nah. I am querying directly against the authority.

Thanks, though.
Will

Hi Will,

> Nah. I am querying directly against the authority.

There is no limit imposed (apart from packet size and the 16-bit
counter for the number of RRs and so on). So, practically, 30 or so
to keep easily within UDP message sizes (you would need to test to see
the compression benefits and resulting message size), and with TCP
failover up to 64Kib of data (thousands of SRVs).

Best regards,
   Wouter
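The size test suggested in the reply above, as an added example that is not part of the original thread or of NSD: it builds the wire form of an SRV response for the names in the dig output and counts how many answers fit under a byte limit. Assumptions: only header, question and answer sections are counted (no authority/additional data, no EDNS0 OPT record), the owner name is always a compression pointer, and `compress=True` additionally compresses the SRV target for comparison, which RFC 2782 says servers should not do.

```python
import struct

HEADER_LEN = 12  # fixed DNS header; the question name starts at this offset

def labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]

def encode_labels(parts):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)

def encode_target(target, qname, compress):
    """SRV target, optionally compressed against a suffix of the question name."""
    t, q = labels(target), labels(qname)
    if compress:
        for i in range(len(t)):
            for j in range(len(q)):
                if t[i:] == q[j:]:
                    offset = HEADER_LEN + sum(len(p) + 1 for p in q[:j])
                    return encode_labels(t[:i]) + struct.pack("!H", 0xC000 | offset)
    return encode_labels(t) + b"\x00"

def srv_rr(qname, priority, weight, port, target, compress, ttl=30):
    """One answer RR; the owner is always a 2-byte pointer to the question name."""
    rdata = struct.pack("!HHH", priority, weight, port) + encode_target(target, qname, compress)
    return b"\xc0\x0c" + struct.pack("!HHIH", 33, 1, ttl, len(rdata)) + rdata

def build_response(qname, records, compress=False):
    """Header + question + answers only (constructed message, not a capture)."""
    if len(records) > 0xFFFF:
        raise ValueError("ANCOUNT is a 16-bit field")
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(records), 0, 0)
    question = encode_labels(labels(qname)) + b"\x00" + struct.pack("!HH", 33, 1)
    answers = b"".join(srv_rr(qname, *r, compress) for r in records)
    return header + question + answers

def max_records(qname, target, limit, compress=False):
    """How many same-size SRV answers fit in a message of `limit` bytes."""
    base = len(build_response(qname, [], compress))
    per_rr = len(srv_rr(qname, 1, 100, 25, target, compress))
    return (limit - base) // per_rr

if __name__ == "__main__":
    q, t = "_autodiscover._tcp.example.org", "mail.example.org"  # names from the dig output
    five = [(p, 100, 25, t) for p in range(1, 6)]
    print("5 answers:", len(build_response(q, five)), "bytes")
    for limit in (512, 65535):  # plain UDP limit, TCP maximum
        print(limit, max_records(q, t, limit), max_records(q, t, limit, compress=True))
```

The counts depend on the length of the owner and target names, so rerun it with the real names before sizing a zone.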

Coincidentally, to make the point that there is no limit on the size of an RRset (a TXT RR in this case), the SRV specification (RFC2782) has been available through the following query for quite some time now:

dig @ns.secret-wg.org _srv.secret-wg.org TXT +dnssec

Actually, I found my issue. Thanks all. It was just a little misconfiguration. Sorry for the false alarm. :)

Thanks,
Will

Bert,

> dig @ns.secret-wg.org _srv.secret-wg.org TXT +dnssec

you definitely ought to be awarded one of these mugs:
http://twitpic.com/9au7p5 ;)

        -JP