What is the name of the domain?
_mongodb._tcp.test1.kevinalbs.com
What is the issue you’re encountering
SRV results not being truncated, resulting in missing records.
What steps have you taken to resolve the issue?
I expect WARP is not truncating UDP responses to 512 bytes. I suspect this may be a bug.
RFC 1035 Section 4.2.1 notes:
Messages carried by UDP are restricted to 512 bytes (not counting the IP
or UDP headers). Longer messages are truncated and the TC bit is set in
the header.
I am on macOS running WARP Zero Trust Version: 2024.6.474.0 (20240730.24).
What are the steps to reproduce the issue?
Running dig +noedns SRV _mongodb._tcp.test1.kevinalbs.com
results in a UDP response exceeding 512 bytes. There are 30 SRV records configured. I expect the response to be truncated with the TC bit set. The TC bit indicates the client can retry the query over TCP.
This may break assumptions in clients. Notably, when running in Docker, Docker appears to truncate the large response, but does not set the TC bit, resulting in missing records due to no TCP retry:
docker run --rm -it alpine:3.19
/ # apk add bind-tools --quiet
/ # apk add vim --quiet
/ # dig +short +noedns SRV _mongodb._tcp.test1.kevinalbs.com
0 0 27017 test1.localhost.kevinalbs.com.
0 0 27018 test1.localhost.kevinalbs.com.
0 0 27019 test1.localhost.kevinalbs.com.
0 0 27020 test1.localhost.kevinalbs.com.
0 0 27021 test1.localhost.kevinalbs.com.
0 0 27022 test1.localhost.kevinalbs.com.
0 0 27023 test1.localhost.kevinalbs.com.
0 0 27024 test1.localhost.kevinalbs.com.
0 0 27025 test1.localhost.kevinalbs.com.
I expect there is an additional bug within the Docker DNS resolver (truncating without setting the TC bit). And this bug is being triggered by the unexpected large response from Cloudflare WARP.