On Wed, 18 Aug 2004, Jonathan de Boyne Pollard wrote:
> HN> Looks good, except that DNS replies larger than 512 bytes do not
> HN> need to fail.
>
> DNS/UDP responses larger than 512 octets will never be sent in the first
> place, because squid's "internal" DNS client doesn't use EDNS0 to
> advertise the ability to support them (which, of course, it doesn't, in any
> case). DNS/TCP responses larger than 512 octets will never be sent because
> squid's "internal" DNS client simply doesn't support DNS/TCP at all.
When the DNS response is larger than 512 octets the DNS resolver sends a
truncated message.
> It's invariably wrong, and squid's "internal" DNS client is badly broken for
> using any of the resource records in the response at all. A correctly
> written DNS client has no choice but to stop (and fall back to DNS/TCP) when
> it sees the TC bit set to 1 in a DNS/UDP response.
To this I agree, but it works sufficiently well for the purpose. We do
intend to fix this, however, time permitting. Patches are obviously very
welcome.

Regards
Henrik
Received on Thu Aug 19 2004 - 03:05:54 MDT
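
The TC-bit handling discussed in this thread, as an added example that is not Squid's code and not part of the original messages: a C check that refuses to use any records from a DNS/UDP response with TC=1, plus the two-octet length framing (RFC 1035) needed to resend the query over DNS/TCP. The function names, the enum and the sample headers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict on a DNS/UDP response header (names are this example's own). */
enum udp_verdict {
    UDP_MALFORMED,      /* shorter than the 12-octet header, or QR=0 */
    UDP_WRONG_ID,       /* ID does not match the outstanding query */
    UDP_RETRY_OVER_TCP, /* TC=1: use no records, re-ask over DNS/TCP */
    UDP_USABLE          /* TC=0: records may be parsed and used */
};

#define DNS_HDR_LEN 12
#define DNS_FLAG_QR 0x8000u /* response bit */
#define DNS_FLAG_TC 0x0200u /* truncation bit */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

enum udp_verdict classify_udp_response(const uint8_t *msg, size_t len, uint16_t query_id)
{
    if (msg == NULL || len < DNS_HDR_LEN) return UDP_MALFORMED;
    uint16_t flags = rd16(msg + 2);
    if (!(flags & DNS_FLAG_QR)) return UDP_MALFORMED;
    if (rd16(msg) != query_id) return UDP_WRONG_ID;
    /* Checked before any section is parsed, so truncated data is never used. */
    if (flags & DNS_FLAG_TC) return UDP_RETRY_OVER_TCP;
    return UDP_USABLE;
}

/* DNS/TCP framing: two-octet big-endian length, then the message.
 * Returns bytes written to out, or 0 if the query does not fit. */
size_t frame_for_tcp(const uint8_t *query, size_t qlen, uint8_t *out, size_t outcap)
{
    if (query == NULL || out == NULL || qlen > 0xFFFF || outcap < qlen + 2) return 0;
    out[0] = (uint8_t)(qlen >> 8);
    out[1] = (uint8_t)(qlen & 0xFF);
    memcpy(out + 2, query, qlen);
    return qlen + 2;
}

/* Constructed sample headers: ID 0x1234; flags QR|TC|RD|RA and QR|RD|RA. */
static const uint8_t sample_truncated[DNS_HDR_LEN] = {0x12,0x34, 0x83,0x80, 0,1, 0,5, 0,0, 0,0};
static const uint8_t sample_complete[DNS_HDR_LEN]  = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0};

int main(void)
{
    printf("truncated -> %d\n", classify_udp_response(sample_truncated, DNS_HDR_LEN, 0x1234));
    printf("complete  -> %d\n", classify_udp_response(sample_complete, DNS_HDR_LEN, 0x1234));
    return 0;
}
```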