On Wed, 18 Aug 2004, Jonathan de Boyne Pollard wrote:
HN> Looks good, except that DNS replies larger than 512 bytes do not need to fail.
DNS/UDP responses larger than 512 octets will never be sent in the first place, because squid's "internal" DNS client doesn't use EDNS0 to advertise the ability to support them (which, of course, it doesn't, in any case). DNS/TCP responses larger than 512 octets will never be sent because squid's "internal" DNS client simply doesn't support DNS/TCP at all.
When the DNS response is larger than 512 octets the DNS resolver sends a truncated message.
It's invariably wrong, and squid's "internal" DNS client is badly broken for using any of the resource records in the response at all. A correctly written DNS client has no choice but to stop (and fall back to DNS/TCP) when it sees the TC bit set to 1 in a DNS/UDP response.
To this I agree, but it works sufficiently well for the purpose. We do intend to fix this, however, time permitting. Patches are obviously very welcome.
Regards Henrik
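
The rule discussed in this thread (a DNS/UDP response with the TC bit set to 1 must not have its records used, and the client retries over DNS/TCP) as an added example; it is not part of the original messages and not Squid's code. The function name, the enum and the two sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What the caller should do with a datagram read from the UDP socket. */
enum udp_verdict { UDP_DROP, UDP_RETRY_TCP, UDP_USE_ANSWER };

#define DNS_HDR_LEN 12      /* fixed header size, RFC 1035 section 4.1.1 */
#define DNS_FLAG_QR 0x8000u /* 1 = response */
#define DNS_FLAG_TC 0x0200u /* 1 = message was truncated */

/* Hypothetical helper: classify a DNS/UDP response from its header only. */
enum udp_verdict classify_udp_response(const uint8_t *msg, size_t len,
                                       uint16_t query_id)
{
    if (msg == NULL || len < DNS_HDR_LEN)
        return UDP_DROP;                 /* too short to hold a header */

    uint16_t id    = (uint16_t)((msg[0] << 8) | msg[1]);
    uint16_t flags = (uint16_t)((msg[2] << 8) | msg[3]);

    if (id != query_id || !(flags & DNS_FLAG_QR))
        return UDP_DROP;                 /* not a reply to our query */

    /* TC=1: whatever records made it into the datagram are an incomplete
     * set, so none of them are used; the query is repeated over TCP. */
    if (flags & DNS_FLAG_TC)
        return UDP_RETRY_TCP;

    return UDP_USE_ANSWER;
}

/* Constructed sample headers (ID 0x1a2b, QDCOUNT 1, ANCOUNT 3). */
static const uint8_t sample_truncated[DNS_HDR_LEN] = {
    0x1a, 0x2b, 0x83, 0x80, 0, 1, 0, 3, 0, 0, 0, 0 }; /* QR TC RD RA */
static const uint8_t sample_complete[DNS_HDR_LEN] = {
    0x1a, 0x2b, 0x81, 0x80, 0, 1, 0, 3, 0, 0, 0, 0 }; /* QR RD RA */

int main(void)
{
    static const char *names[] = { "drop", "retry over TCP", "use answer" };
    printf("truncated: %s\n",
           names[classify_udp_response(sample_truncated, DNS_HDR_LEN, 0x1a2b)]);
    printf("complete:  %s\n",
           names[classify_udp_response(sample_complete, DNS_HDR_LEN, 0x1a2b)]);
    return 0;
}
```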
