Root NS Query Always Truncated and Retried Over TCP?

Zero Trust 1.1.1.1
1

The query response of the root domain always seems too big due to the additional sections added by 1.1.1.1. dig seems to do it over UDP but kdig over TCP. What seems to be the difference? And shouldn’t the redundant additional sections be removed? @mvavrusa

$ dig . ns @1.1              

; <<>> DiG 9.18.5 <<>> . ns @1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16845
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			513253	IN	NS	a.root-servers.net.
.			513253	IN	NS	b.root-servers.net.
.			513253	IN	NS	c.root-servers.net.
.			513253	IN	NS	d.root-servers.net.
.			513253	IN	NS	e.root-servers.net.
.			513253	IN	NS	f.root-servers.net.
.			513253	IN	NS	g.root-servers.net.
.			513253	IN	NS	h.root-servers.net.
.			513253	IN	NS	i.root-servers.net.
.			513253	IN	NS	j.root-servers.net.
.			513253	IN	NS	k.root-servers.net.
.			513253	IN	NS	l.root-servers.net.
.			513253	IN	NS	m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.	513253	IN	A	198.41.0.4
a.root-servers.net.	513253	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net.	513253	IN	A	199.9.14.201
b.root-servers.net.	513253	IN	AAAA	2001:500:200::b
c.root-servers.net.	513253	IN	A	192.33.4.12
c.root-servers.net.	513253	IN	AAAA	2001:500:2::c
d.root-servers.net.	513253	IN	A	199.7.91.13
d.root-servers.net.	513253	IN	AAAA	2001:500:2d::d
e.root-servers.net.	513253	IN	A	192.203.230.10
e.root-servers.net.	513253	IN	AAAA	2001:500:a8::e
f.root-servers.net.	513253	IN	A	192.5.5.241
f.root-servers.net.	513253	IN	AAAA	2001:500:2f::f
g.root-servers.net.	513253	IN	A	192.112.36.4
g.root-servers.net.	513253	IN	AAAA	2001:500:12::d0d
h.root-servers.net.	513253	IN	A	198.97.190.53
h.root-servers.net.	513253	IN	AAAA	2001:500:1::53
i.root-servers.net.	513253	IN	A	192.36.148.17
i.root-servers.net.	513253	IN	AAAA	2001:7fe::53
j.root-servers.net.	513253	IN	A	192.58.128.30
j.root-servers.net.	513253	IN	AAAA	2001:503:c27::2:30
k.root-servers.net.	513253	IN	A	193.0.14.129
k.root-servers.net.	513253	IN	AAAA	2001:7fd::1
l.root-servers.net.	513253	IN	A	199.7.83.42
l.root-servers.net.	513253	IN	AAAA	2001:500:9f::42
m.root-servers.net.	513253	IN	A	202.12.27.33
m.root-servers.net.	513253	IN	AAAA	2001:dc3::35

;; Query time: 259 msec
;; SERVER: 1.0.0.1#53(1.1) (UDP)
;; WHEN: Thu Aug 18 23:48:13 CEST 2022
;; MSG SIZE  rcvd: 811

$ kdig . ns @1.1

;; WARNING: truncated reply from [email protected](UDP), retrying over TCP

;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 13632
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 13; AUTHORITY: 0; ADDITIONAL: 26

;; QUESTION SECTION:
;; .                   		IN	NS

;; ANSWER SECTION:
.                   	517382	IN	NS	a.root-servers.net.
.                   	517382	IN	NS	b.root-servers.net.
.                   	517382	IN	NS	c.root-servers.net.
.                   	517382	IN	NS	d.root-servers.net.
.                   	517382	IN	NS	e.root-servers.net.
.                   	517382	IN	NS	f.root-servers.net.
.                   	517382	IN	NS	g.root-servers.net.
.                   	517382	IN	NS	h.root-servers.net.
.                   	517382	IN	NS	i.root-servers.net.
.                   	517382	IN	NS	j.root-servers.net.
.                   	517382	IN	NS	k.root-servers.net.
.                   	517382	IN	NS	l.root-servers.net.
.                   	517382	IN	NS	m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 	517382	IN	A	198.41.0.4
a.root-servers.net. 	517382	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net. 	517382	IN	A	199.9.14.201
b.root-servers.net. 	517382	IN	AAAA	2001:500:200::b
c.root-servers.net. 	517382	IN	A	192.33.4.12
c.root-servers.net. 	517382	IN	AAAA	2001:500:2::c
d.root-servers.net. 	517382	IN	A	199.7.91.13
d.root-servers.net. 	517382	IN	AAAA	2001:500:2d::d
e.root-servers.net. 	517382	IN	A	192.203.230.10
e.root-servers.net. 	517382	IN	AAAA	2001:500:a8::e
f.root-servers.net. 	517382	IN	A	192.5.5.241
f.root-servers.net. 	517382	IN	AAAA	2001:500:2f::f
g.root-servers.net. 	517382	IN	A	192.112.36.4
g.root-servers.net. 	517382	IN	AAAA	2001:500:12::d0d
h.root-servers.net. 	517382	IN	A	198.97.190.53
h.root-servers.net. 	517382	IN	AAAA	2001:500:1::53
i.root-servers.net. 	517382	IN	A	192.36.148.17
i.root-servers.net. 	517382	IN	AAAA	2001:7fe::53
j.root-servers.net. 	517382	IN	A	192.58.128.30
j.root-servers.net. 	517382	IN	AAAA	2001:503:c27::2:30
k.root-servers.net. 	517382	IN	A	193.0.14.129
k.root-servers.net. 	517382	IN	AAAA	2001:7fd::1
l.root-servers.net. 	517382	IN	A	199.7.83.42
l.root-servers.net. 	517382	IN	AAAA	2001:500:9f::42
m.root-servers.net. 	517382	IN	A	202.12.27.33
m.root-servers.net. 	517382	IN	AAAA	2001:dc3::35

;; Received 800 B
;; Time 2022-08-18 23:48:28 CEST
;; From [email protected](TCP) in 12.8 ms
2

dig is using EDNS0 but kdig isn’t. You can use +edns with kdig

2 Likes
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.