[prev in list] [next in list] [prev in thread] [next in thread]
List: djbdns
Subject: Re: patches, trivia [update]
From: Erwin Hoffmann <feh () fehcom ! de>
Date: 2019-02-15 12:08:45
Message-ID: 378094FF-AB6E-47C0-9195-97BEDB29417A () fehcom ! de
[Download RAW message or body]
Hi Joseph,
fooled myself.
The frist dnsip query return, but the later not:
2019-02-15 13:05:20.939867500 tx 2 1 evergreen.v6.afraid.org. . - c7090ec9 c6290004 \
20010503ba3e00000000000000020030 2001050002000000000000000000000b 2019-02-15 \
13:05:21.193114500 drop 25 connection reset
Any later return consistently:
dnsqr a n2.afraid.org
1 n2.afraid.org:
timed out
2019-02-15 13:05:47.879096500 tx 3 1 evergreen.v6.afraid.org. afraid.org. - 462761f5 \
45c512ad 43dc51bb 3217c55d ae80f664 462761e2 adc1dc74 454132df 2019-02-15 \
13:05:48.121968500 nodata 462761f5 3600 1 evergreen.v6.afraid.org. 2019-02-15 \
13:05:48.121996500 cached 28 evergreen.v6.afraid.org. 2019-02-15 13:05:48.122001500 \
cached 1 evergreen.afraid.org. 2019-02-15 13:05:48.122033500 tx 2 1 \
evergreen.v6.afraid.org. afraid.org. - ae80f664 462761f5 adc1dc74 45c512ad \
2607f0d0110200d50000000000000002 454132df 43dc51bb 462761e2 3217c55d 2019-02-15 \
13:05:48.369649500 nodata ae80f664 3600 1 evergreen.v6.afraid.org. 2019-02-15 \
13:05:48.369699500 cached 28 evergreen.v6.afraid.org. 2019-02-15 13:05:48.369700500 \
tx 1 1 evergreen.v6.afraid.org. afraid.org. - 43dc51bb 462761e2 454132df adc1dc74 \
45c512ad 3217c55d 2607f0d0110200d50000000000000002 462761f5 ae80f664 2019-02-15 \
13:05:48.576602500 nodata 43dc51bb 3600 1 evergreen.v6.afraid.org. 2019-02-15 \
13:05:48.576628500 cached 28 evergreen.v6.afraid.org. 2019-02-15 13:05:48.576667500 \
tx 0 1 n2.afraid.org. afraid.org. - 454132df adc1dc74 ae80f664 462761f5 43dc51bb \
45c512ad 2607f0d0110200d50000000000000002 462761e2 3217c55d 2019-02-15 \
13:05:48.918181500 nxdomain adc1dc74 3600 n2.afraid.org.
Thanks for the serverfailed patch.
Regards.
--eh.
> Am 15.02.2019 um 12:08 schrieb Erwin Hoffmann <feh@fehcom.de>:
>
> HI Joseph,
>
> thanks for your interesting analysis.
>
> > Am 15.02.2019 um 02:07 schrieb Joseph Tam <jtam.home@gmail.com>:
> >
> > The recent DNS Flag Day had me reviewing my current DJBDNS build,
> > including reviewing third-party patches installed and evaluating new
> > patches to add EDNS, which in the end, I didn't have to apply.
> >
> > There's a bewildering number of patches available: I've added some
> > patches included in Ndjbdns (most based on submissions to this list), some
> > homebrew ones, and one that Jeff King wrote to deal with SERVFAIL/REFUSED
> > responses
> >
> > http://marc.info/?l=djbdns&m=126077340701555&w=2
> >
> > Does anyone know of (or can offer) a list of patches that categorizes
> > them as "must have", "should have", and optional patches that offer
> > modern/special features?
> >
> > The "trivia" in the subject relates to a patch to cope with resolution
> > paths requiring an extraordinary number of fetches:
> >
> > https://github.com/pjps/ndjbdns/issues/15
> >
> > Out of curiosity, I removed the limit and logged the value of z->loop
> > to resolve A:ns2.afraid.org. Answer: 940, nearly one order of magnitude
> > larger than the original value. You can still get an answer from shorter
> > delegation paths using z->loop<500, but I don't know where the limit is
> > nowadays to achieve 6-sigma confidence of a getting an answer.
>
> I'm mot pretty sure, whether you hit the root-cause here.
>
> Just did a quick check with my
>
> https://www.fehcom.de/ipnet/djbdnscurve6.html
>
>
> I do get resolution here (with a fresh started dnscache):
>
> @400000005c668e5c2cc25dcc starting dnscache listening on ip \
> fd000000000000011a31bffffedfa791%0 sending queries from ip 0 \
> 0000000000000000000000000000000 udp maxsize = 1280
>
> @400000005c669883209eede4 query 241 fd000000000000011a31bffffedfa791:7dc6:62bb 28 \
> ns2.afraid.org. @400000005c669883209f3c04 cached ns org. a0.org.afilias-nst.info.
> @400000005c669883209f43d4 cached ns org. b0.org.afilias-nst.org.
> @400000005c669883209f47bc cached ns org. d0.org.afilias-nst.org.
> @400000005c669883209f4f8c cached ns org. b2.org.afilias-nst.org.
> @400000005c669883209f5374 cached ns org. a2.org.afilias-nst.info.
> @400000005c669883209f575c cached ns org. c0.org.afilias-nst.info.
>
> ....
>
> time dnsip n2.afraid.org
>
>
> real 4m41.793s
> user 0m0.007s
> sys 0m0.001s
>
>
> ....
>
> 2019-02-15 11:56:12.398315500 cached 1 c0.org.afilias-nst.info.
> 2019-02-15 11:56:12.398363500 tx 3 1 evergreen.v6.afraid.org. org. - c7133601 \
> c7133801 c7133901 c7f97801 c7133501 c7f97001 2019-02-15 11:56:12.568372500 rr \
> c7133601 86400 1 ns7.afraid.org. 45c512ad 2019-02-15 11:56:12.568403500 rr c7133601 \
> 86400 1 granite.afraid.org. 462761f5 2019-02-15 11:56:12.568405500 rr c7133601 \
> 86400 1 tungsten.afraid.org. adc1dc74 2019-02-15 11:56:12.568407500 rr c7133601 \
> 86400 1 evergreen.afraid.org. 3217c55d 2019-02-15 11:56:12.568408500 rr c7133601 \
> 86400 ns afraid.org. evergreen.afraid.org. 2019-02-15 11:56:12.568410500 rr \
> c7133601 86400 ns afraid.org. fueled.byhamsters.net. 2019-02-15 11:56:12.568411500 \
> rr c7133601 86400 ns afraid.org. tungsten.afraid.org. 2019-02-15 11:56:12.568422500 \
> rr c7133601 86400 ns afraid.org. evergreen.v6.afraid.org. 2019-02-15 \
> 11:56:12.568423500 rr c7133601 86400 ns afraid.org. mint.ns37.net. 2019-02-15 \
> 11:56:12.568425500 rr c7133601 86400 ns afraid.org. granite.afraid.org. 2019-02-15 \
> 11:56:12.568426500 rr c7133601 86400 ns afraid.org. ns7.afraid.org. 2019-02-15 \
> 11:56:12.568428500 rr c7133601 86400 ns afraid.org. namely.resolute-3.com. \
> 2019-02-15 11:56:12.568429500 rr c7133601 86400 ns afraid.org. \
> house.ofpenguins.net. 2019-02-15 11:56:12.568439500 rr c7133601 86400 28 \
> evergreen.v6.afraid.org. 2607f0d0110200d50000000000000002 2019-02-15 \
> 11:56:12.568441500 stats 28 95960 1 0 0 2019-02-15 11:56:12.568534500 cached 1 \
> evergreen.afraid.org. 2019-02-15 11:56:12.568535500 cached 1 fueled.byhamsters.net.
> 2019-02-15 11:56:12.568536500 cached 1 tungsten.afraid.org.
> 2019-02-15 11:56:12.568582500 tx 4 1 evergreen.v6.afraid.org. . - \
> 20010503ba3e00000000000000020030 c7090ec9 2001050002000000000000000000000b c6290004 \
>
> I use within query.h:
>
> #ifndef QUERY_H
> #define QUERY_H
>
> #include "dns.h"
> #include "uint_t.h"
>
> /* the following constants can be changed on own risk; defaults Y2018 with partial \
> IPv6 support at provider */
> #define QUERY_MAXLEVEL 5 /* search depth */
> #define QUERY_MAXALIAS 16 /* glue depth */
> #define QUERY_MAXLOOP 100 /* queries per NS */
> #
> #define QUERY_MAXUDP 400 /* used by dnscache */
> #define QUERY_MAXTCP 40
>
> /* byte patterns for well-known IP addresses and names in DNS messages */
>
> #define IP6_LOOPBACK_ARPA \
> "\0011\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\0010\001
> 0\0010\0010\0010\0010\0010\0010\0010\0010\003ip6\004arpa\0"
>
> ....
>
>
> The main differences:
>
> a) dnsip does a AAAA and A query (in this order).
>
> b) Query is done against IPv6 DNS servers in particular.
>
> c) Answers are accepted with larger UDP message sizes (udp maxsize = 1280)
>
> d) The query uses a quadratic scheme:
>
> dns_transmit.c:static const int timeouts[5] = { 1, 3, 9, 27, 81 }; /* quadratic, \
> not exponentially */
>
>
> > 4 mins seems still to be a lot; but increasing the loop index to 1000 may not be \
> > sane as well.
>
>
>
> Best regards.
> --eh.
>
>
>
>
>
> >
> > Joseph Tam <jtam.home@gmail.com>
> >
>
> Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE
>
>
>
>
>
>
>
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id 7E4034BE
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic