Frequently Asked Questions

This document lists categorized answers and questions with links to the relevant documentation.

EDNS bufsize in response packets

You may have spotted the 512 in something like the following (after EDNS ... udp:):

$ dig @

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20155
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 512
;           IN  A

;; ANSWER SECTION:        43200   IN  A

;; Query time: 86 msec
;; WHEN: Thu Apr 15 13:56:34 CEST 2021
;; MSG SIZE  rcvd: 56

and wonder ‘why is the Recursor using a bufsize of 512? Did we not decide on a Flag Day, all together, that we would use 1232?’

The EDNS buffer size in a DNS packet, generated by side A, tells the recipient of that packet (side B) the maximum packet size that side A will accept from side B. So, when the Recursor talks to an Authoritative, the Recursor reports the buffer size the Authoritative is allowed to use to it - usually 1232 (edns-outgoing-bufsize). But the example above is the Recursor responding to a client, and it is telling the client ‘from you, I accept packets of up to 512 bytes’. Or, to say it differently, the Recursor is telling the client that questions must fit in 512 bytes. This is fine for the Recursor - unlike an Authoritative, that might need to handle big UPDATE requests, the Recursor really only answers simple questions from clients, and those always comfortably fit in 512 bytes, because the maximum length of a DNS name is 256 bytes.

Similarly, the maximum size of a response from the Recursor to a client is governed by the buffer size sent by the client (in dig, you can see that number by doing dig +qr), and the udp-truncation-threshold setting in the Recursor configuration.

To see the buffer size the Recursor is sending to authoritatives, you can ask the question below, which gets sent to an authoritative server reporting in a TXT answer record what it saw in the query:

$ dig txt +short @
"id: 52938, aa: false, rd: false, ad: false, cd: false, do: true, ednsbufsiz: 1232, tcp: false"

Or, in a diagram:

    udp-truncation-threshold      edns-outgoing-bufsize
        [default is 1232]           [default is 1232]
              |                           |
+------+      v      +----------+         v             +------------+
| stub | <=========> | recursor | <===================> | responders |
+------+             +----------+                       +------------+
  client bufsize (stub => recursor)
 bufsize reported to client (recursor => stub [always 512])