前几天同事反馈有个2000多个域名指向了自己的一台服务器,但是查询对应机器的PTR记录时发现只有1700多个。dig -x 查询了一下发现确实只有1700多个,检查了对应的zone文件内PTR记录是有2000多个的。偶然发现dig返回的MSG SIZE到了65519
在RFC1035中提到了DNS的几个限制:labels 63 octets or lessnames 255 octets or lessTTL positive values of a signed 32 bit number.UDP messages 512 octets or less整个UDP的消息被限制在512,不过随着后来EDNS0扩展协议(rfc2671),UDP的报文是可以到4096的(最大可以到65535)。在查询同事提供的PTR记录时,请求本身被TC置位走了TCP,因次这个UDP的限制无关的。DNS的限制实际在协议上
All RRs have the same top level format shown below:
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |
/ /
/ NAME /
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| TYPE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| CLASS |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| TTL |
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| RDLENGTH |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
/ RDATA /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
NAME an owner name, i.e., the name of the node to which this
re
source record pertains.
TYPE two octets containing one of the RR TYPE codes.
CLASS two octets containing one of the RR CLASS codes.
TTL a 32 bit signed integer that specifies the time interval
that the resource record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the RR can only be used for the transaction in progress, and should not be
cached. For example, SOA records are always distributed
with a zero TTL to prohibit caching. Zero values can also be used for extremely volatile data.
RDLENGTH an unsigned 16 bit integer that specifies the length in
octets of the RDATA field.
因为RDLENGTH是16bit的,所以报文被限制到了2^16=65536。