reducing DNS packet size for nameserver ::1 to 1280 #284

aershey-git opened this issue Apr 9, 2021 · 2 comments
aershey-git commented Apr 9, 2021

OpenWrt 19.07.6
stubby 0.3.0-1
dnsmasq-full 2.80-16.3

Dnsmasq is reducing the DNS packet size when forwarding requests to stubby, mostly with Microsoft domains. The upstream TLS DNS server is 9.9.9.11, EDNS0 enabled with ECS.
Changing edns_client_subnet_private to 0 from 1 does not change behavior.


dnsmasq[3619]: query[A] login.live.com from 192.168.1.55
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: reply login.live.com is NODATA-IPv4
dnsmasq[3619]: query[A] displaycatalog.mp.microsoft.com from 192.168.1.55
dnsmasq[3619]: forwarded displaycatalog.mp.microsoft.com to ::1
dnsmasq[3619]: query[A] displaycatalog.mp.microsoft.com from 192.168.1.55
dnsmasq[3619]: forwarded displaycatalog.mp.microsoft.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: forwarded rum14.perf.linkedin.com to ::1
dnsmasq[3619]: reply rum14.perf.linkedin.com is <CNAME>
dnsmasq[3619]: reply www-linkedin-com.l-0005.l-msedge.net is <CNAME>
dnsmasq[3619]: reply l-0005.l-msedge.net is 2620:1ec:21::14
dnsmasq[3619]: query[A] fp-afd.azureedge.net from 192.168.1.90
dnsmasq[3619]: forwarded fp-afd.azureedge.net to ::1
dnsmasq[3619]: query[A] fp-afd.azureedge.net from 192.168.1.90
dnsmasq[3619]: forwarded fp-afd.azureedge.net to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: reply teams-events-data.trafficmanager.net is <CNAME>
dnsmasq[3619]: reply skypedataprdcoluks01.cloudapp.net is 52.114.88.20
dnsmasq[3619]: query[A] ctldl.windowsupdate.com from 192.168.1.55
dnsmasq[3619]: cached ctldl.windowsupdate.com is <CNAME>
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: query[A] ctldl.windowsupdate.com from 192.168.1.55
dnsmasq[3619]: cached ctldl.windowsupdate.com is <CNAME>
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: forwarded s-ring.msedge.net to ::1
dnsmasq[3619]: reply s-ring.msedge.net is <CNAME>
dnsmasq[3619]: reply s-ring.s-9999.s-msedge.net is <CNAME>
dnsmasq[3619]: reply s-9999.s-msedge.net is NODATA-IPv6
dnsmasq[3619]: query[A] fp-afd-nocache.azureedge.net from 192.168.1.90
dnsmasq[3619]: forwarded fp-afd-nocache.azureedge.net to ::1
dnsmasq[3619]: query[A] fp-afd-nocache.azureedge.net from 192.168.1.90
dnsmasq[3619]: forwarded fp-afd-nocache.azureedge.net to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: reply fp-afd.azureedge.net is <CNAME>
dnsmasq[3619]: reply fp-afd.afd.azureedge.net is <CNAME>
dnsmasq[3619]: reply star-azureedge-prod.trafficmanager.net is <CNAME>
dnsmasq[3619]: reply dual.t-0009.t-msedge.net is <CNAME>
dnsmasq[3619]: reply t-0009.t-msedge.net is <CNAME>
dnsmasq[3619]: reply Edge-Prod-BL2r3.ctrl.t-0009.t-msedge.net is <CNAME>
dnsmasq[3619]: reply standard.t-0009.t-msedge.net is 2620:1ec:bdf::19
dnsmasq[3619]: reply standard.t-0009.t-msedge.net is 2620:1ec:46::19
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: forwarded r4.res.office365.com to ::1
dnsmasq[3619]: reply r4.res.office365.com is <CNAME>
dnsmasq[3619]: reply r4.res.office365.com.edgekey.net is <CNAME>
dnsmasq[3619]: reply e1875.dscg.akamaiedge.net is 184.28.88.89
dnsmasq[3619]: query[A] fd6a9bc1c3f24664a11f1d7054d75de8.fp.measure.office.com from 192.168.1.55
dnsmasq[3619]: forwarded fd6a9bc1c3f24664a11f1d7054d75de8.fp.measure.office.com to ::1
dnsmasq[3619]: query[A] fd6a9bc1c3f24664a11f1d7054d75de8.fp.measure.office.com from 192.168.1.55
dnsmasq[3619]: forwarded fd6a9bc1c3f24664a11f1d7054d75de8.fp.measure.office.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: forwarded r4.res.office365.com to ::1
dnsmasq[3619]: reply r4.res.office365.com is <CNAME>
dnsmasq[3619]: reply r4.res.office365.com.edgekey.net is <CNAME>
dnsmasq[3619]: reply e1875.dscg.akamaiedge.net is 184.28.88.89
dnsmasq[3619]: query[A] 7023a5ec2b52462c875546e8f5aec477.fp.measure.office.com from 192.168.1.55
dnsmasq[3619]: forwarded 7023a5ec2b52462c875546e8f5aec477.fp.measure.office.com to ::1
dnsmasq[3619]: query[A] 7023a5ec2b52462c875546e8f5aec477.fp.measure.office.com from 192.168.1.55
dnsmasq[3619]: forwarded 7023a5ec2b52462c875546e8f5aec477.fp.measure.office.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: reply a1952.dscq.akamai.net is 2600:1403:2::174a:2f0
dnsmasq[3619]: query[A] ctldl.windowsupdate.com from 192.168.1.90
dnsmasq[3619]: cached ctldl.windowsupdate.com is <CNAME>
dnsmasq[3619]: cached au-bg-shim.trafficmanager.net is <CNAME>
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: query[A] ctldl.windowsupdate.com from 192.168.1.90
dnsmasq[3619]: cached ctldl.windowsupdate.com is <CNAME>
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[AAAA] aadcdn.msauth.net from 192.168.1.55
dnsmasq[3619]: forwarded aadcdn.msauth.net to ::1
dnsmasq[3619]: reply aadcdn.msauth.net is NODATA-IPv4
dnsmasq[3619]: query[A] aadcdn.msauth.net from 192.168.1.55
dnsmasq[3619]: forwarded aadcdn.msauth.net to ::1
dnsmasq[3619]: query[AAAA] aadcdn.msauth.net from 192.168.1.55
dnsmasq[3619]: forwarded aadcdn.msauth.net to ::1
dnsmasq[21862]: query[A] aadcdn.msauth.net from 192.168.1.55
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: query[AAAA] ctldl.windowsupdate.com from 192.168.1.138
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: reply ctldl.windowsupdate.com is NODATA-IPv4
dnsmasq[3619]: query[A] ctldl.windowsupdate.com from 192.168.1.138
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: query[AAAA] ctldl.windowsupdate.com from 192.168.1.138
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[AAAA] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[A] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[AAAA] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[A] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[A] ctldl.windowsupdate.com from 192.168.1.138
dnsmasq[3619]: forwarded ctldl.windowsupdate.com to ::1
dnsmasq[3619]: reply ctldl.windowsupdate.com is <CNAME>
dnsmasq[3619]: reply au-bg-shim.trafficmanager.net is <CNAME>
dnsmasq[3619]: reply audownload.windowsupdate.nsatc.net is <CNAME>
dnsmasq[3619]: reply au.download.windowsupdate.com.edgesuite.net is <CNAME>
dnsmasq[3619]: reply a767.dscg3.akamai.net is 2600:1408:8400::173f:f6aa
dnsmasq[3619]: reply a767.dscg3.akamai.net is 2600:1408:8400::173f:f6b3
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[A] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[AAAA] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[AAAA] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[A] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[A] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[AAAA] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[A] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[AAAA] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[A] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[AAAA] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[A] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: query[AAAA] bl6pap004.storage.live.com from 192.168.1.138
dnsmasq[3619]: forwarded bl6pap004.storage.live.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: query[A] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[AAAA] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[AAAA] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[A] login.live.com from 192.168.1.138
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[3619]: reply ecs.office.trafficmanager.net is <CNAME>
dnsmasq[3619]: reply s-0005-office.config.skype.com is <CNAME>
dnsmasq[3619]: reply ecs-office.s-0005.s-msedge.net is <CNAME>
dnsmasq[3619]: reply s-0005.s-msedge.net is 52.113.194.132
dnsmasq[3619]: query[A] login.live.com from 192.168.1.55
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: query[A] login.live.com from 192.168.1.55
dnsmasq[3619]: forwarded login.live.com to ::1
dnsmasq[3619]: reducing DNS packet size for nameserver ::1 to 1280



hanvinke commented Apr 20, 2021

The strange thing is that the edns-packet-max setting has defaulted to 4096 in dnsmasq for a long time. But applying --edns-packet-max=4096 in the configuration of dnsmasq apparently has no effect. I can still see the message "daemon.warn dnsmasq[]: reducing DNS packet size for nameserver 127.0.0.1 to 1280" in my syslog.
Maybe there is a difference between activating DNSSEC in dnsmasq or in stubby. According to https://forum.openwrt.org/t/stubby-dns-over-tls-using-dnsmasq-full-for-dnssec-caching/19107 one should preferably enable DNSSEC in dnsmasq. However, https://github.com/openwrt/packages/blob/master/net/stubby/files/README.md states it should have the same outcome. I will check that later.
BTW, there was a similar issue in DNS behavior with dnscrypt-proxy in the past. See DNSCrypt/dnscrypt-proxy#956
I think this thread is, for instance, related to getdnsapi/getdns#495


hanvinke commented Apr 22, 2021

Did not see a change in the syslog when enabling DNSSEC in Stubby.
According to RFC 6891, 6.2.5. Payload Size Selection:
..
A requestor SHOULD choose to use a fallback mechanism that begins with a large size, such as 4096. If that fails, a fallback around the range of 1280-1410 bytes SHOULD be tried, as it has a reasonable chance to fit within a single Ethernet frame.
..
Unfortunately I don't know if there was a fallback before with a larger size. I suppose that would have shown in the syslog as well.
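
Added example, not part of the thread and not code from dnsmasq, stubby or OpenWrt: a triage script that reads dnsmasq query-log lines in the format posted above and, for each "reducing DNS packet size" warning, lists the names that were forwarded to that nameserver more than once with no reply logged in between. The function names and the sample log are constructed for illustration; a `--` line is treated as a gap in the log (as produced by grep context output), so state is not carried across it.

```python
import re
from collections import Counter, defaultdict

# dnsmasq log line shapes seen in the thread; the pid may be empty in syslog output.
LINE = re.compile(r"dnsmasq\[\d*\]: (?P<rest>.*)$")
FORWARDED = re.compile(r"forwarded (?P<name>\S+) to (?P<server>\S+)$")
REPLY = re.compile(r"reply (?P<name>\S+) is ")
REDUCING = re.compile(
    r"reducing DNS packet size for nameserver (?P<server>\S+) to (?P<size>\d+)$")

# Constructed sample input (documentation names and addresses, not real traffic).
SAMPLE = """\
dnsmasq[100]: query[A] a.example.net from 192.0.2.10
dnsmasq[100]: forwarded a.example.net to ::1
dnsmasq[100]: query[A] a.example.net from 192.0.2.10
dnsmasq[100]: forwarded a.example.net to ::1
dnsmasq[100]: reducing DNS packet size for nameserver ::1 to 1280
--
dnsmasq[100]: forwarded b.example.net to ::1
dnsmasq[100]: reply b.example.net is 198.51.100.7
dnsmasq[100]: forwarded c.example.net to ::1
dnsmasq[100]: forwarded c.example.net to ::1
dnsmasq[100]: reducing DNS packet size for nameserver ::1 to 1280
"""

def fallback_events(lines):
    """One dict per size-reduction warning, with the names retried before it."""
    pending = defaultdict(Counter)  # server -> name -> forwards without a reply
    events = []
    for raw in lines:
        line = raw.strip()
        if line == "--":            # gap in the excerpt: earlier state is unreliable
            pending.clear()
            continue
        m = LINE.search(line)
        if not m:
            continue
        rest = m["rest"]
        if (f := FORWARDED.match(rest)):
            pending[f["server"]][f["name"]] += 1
        elif (r := REPLY.match(rest)):
            for names in pending.values():   # a reply settles the name everywhere
                names.pop(r["name"], None)
        elif (d := REDUCING.match(rest)):
            retried = sorted(n for n, c in pending[d["server"]].items() if c > 1)
            events.append({"server": d["server"], "size": int(d["size"]),
                           "retried": retried})
            pending[d["server"]].clear()
    return events

def retried_name_counts(events):
    """How often each name appears among the retried names across all warnings."""
    return Counter(name for e in events for name in e["retried"])
```

On a full log (for example the output of `logread`), `retried_name_counts(fallback_events(open(path)))` shows which names recur before the warning, which helps separate one slow upstream zone from a general size problem on the dnsmasq-to-stubby hop.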
