[RndTbl] very strange DNS errors

Trevor Cordes trevor at tecnopolis.ca
Wed Apr 20 17:42:56 CDT 2016


Further, during additional tests while capturing with tcpdump and
visualizing with wireshark, tcpdump consistently tells me it is
dropping 10-45 packets out of around 1200 it seems to capture to dig
+short just 2 domains in a 5s test.  Is that level of drop normal?  I
couldn't get a single capture that didn't have drops.  Is this just
tcpdump not keeping up, or are these drops also not making it to BIND
itself??  (Though I tested and the same # of drops occur on the "good"
domains too.)

Also, to rule out iptables I added an accept all rule for --sport 53
(udp and tcp) super early in my external interface chain.  Didn't help
one bit.  But I'm now 99% sure it's not iptables.

I found 4 surprising things in wireshark:

1. After an rndc flush it takes about 600 packets to resolve one dinky
domain name??  Wow!

2. AAAA records are coming across the wire, in fact they outnumber A
records.  I have IPv6 as "turned off"/blocked as you can get it on a
modern Linux box, so I'm not sure why AAAA is showing up, but I guess
it's neither here nor there as long as the A's are coming back ok.  They
certainly add a bucket of useless packets to the 600 total though.

3. Looks like I'm getting back (must be automatic) DNSSEC stuff in
some of these packets.  I don't have any of that configured in my BIND
config, so unless it "just works" with no new config lines, it probably
is just being ignored.

4. There's a fair amount of TCP port 53 traffic going on!  My guess
would have been it was all limited to UDP.  Guess I'm behind the
times...


Not sure if any of these revelations sheds any light.
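The three protocol observations in the post above (AAAA alongside A, unsolicited DNSSEC records, and TCP on port 53) can all be read straight off the DNS wire format. The following is an added example, not code from the original post or from BIND: a minimal decoder for the DNS message format (RFC 1035 header and records, RFC 6891 EDNS OPT record, RFC 4034 DNSSEC type codes) plus a small encoder used only to construct sample packets inline so the script runs offline. The sample packets, the IP address and the RRSIG payload are constructed, not captured traffic. It reports the record types present, whether the EDNS DO ("DNSSEC OK") bit was set (which is why a resolver receives RRSIG records without any DNSSEC configuration), and whether the TC bit is set (which is what makes a resolver retry the same query over TCP port 53).

```python
"""Decode DNS wire-format messages and explain what shows up in a capture.

Added example: an RFC 1035/6891/4034 decoder plus an encoder used only to
build constructed sample packets so this runs offline.
"""
import struct
from collections import Counter

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA", 41: "OPT",
              43: "DS", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY", 50: "NSEC3"}
DNSSEC_TYPES = {"DS", "RRSIG", "NSEC", "DNSKEY", "NSEC3"}
FLAG_QR, FLAG_TC, FLAG_AD = 1 << 15, 1 << 9, 1 << 5  # header flag bits
EDNS_DO = 1 << 15  # DNSSEC OK bit, lives in the OPT record's TTL field


def encode_name(name):
    """Encode a domain name as uncompressed DNS labels ("" is the root)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def parse_dns(msg):
    """Return header flags, questions and every RR of a DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, str(qtype))))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata, off = msg[off:off + rdlen], off + rdlen
            rec = {"section": section, "name": name,
                   "type": TYPE_NAMES.get(rtype, str(rtype)), "rdata": rdata}
            if rtype == 41:  # OPT pseudo-RR: class = UDP payload size, TTL = ext. flags
                rec["udp_payload"], rec["do"] = rclass, bool(ttl & EDNS_DO)
            records.append(rec)
    return {"id": ident, "flags": flags, "questions": questions, "records": records}


def summarize(msg):
    """What record types came back, was DNSSEC requested, is a TCP retry needed?"""
    parsed = parse_dns(msg)
    types = Counter(r["type"] for r in parsed["records"] if r["type"] != "OPT")
    opt = [r for r in parsed["records"] if r["type"] == "OPT"]
    return {"is_response": bool(parsed["flags"] & FLAG_QR),
            "truncated": bool(parsed["flags"] & FLAG_TC),  # client must retry over TCP
            "dnssec_ok": any(r["do"] for r in opt),       # DO bit present in EDNS OPT
            "types": dict(types),
            "dnssec_records": sum(n for t, n in types.items() if t in DNSSEC_TYPES)}


def build_rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_message(ident, flags, question, answers=(), additional=()):
    """Assemble a one-question DNS message; used only for the constructed samples."""
    qname, qtype = question
    hdr = struct.pack("!6H", ident, flags, 1, len(answers), 0, len(additional))
    return (hdr + encode_name(qname) + struct.pack("!HH", qtype, 1)
            + b"".join(answers) + b"".join(additional))


# Constructed samples (not captured traffic). The RRSIG rdata is a placeholder.
OPT_DO = build_rr("", 41, 4096, EDNS_DO, b"")  # EDNS OPT with DO=1, 4096-byte UDP
SIGNED_RESPONSE = build_message(
    0x1234, FLAG_QR | FLAG_AD, ("example.com.", 1),
    answers=[build_rr("example.com.", 1, 1, 300, bytes([93, 184, 216, 34])),
             build_rr("example.com.", 46, 1, 300, b"\x00\x01" + b"\x00" * 50)],
    additional=[OPT_DO])
TRUNCATED_RESPONSE = build_message(0x1235, FLAG_QR | FLAG_TC, ("example.com.", 1),
                                   additional=[OPT_DO])

if __name__ == "__main__":
    for label, pkt in (("signed", SIGNED_RESPONSE), ("truncated", TRUNCATED_RESPONSE)):
        print(label, summarize(pkt))
```

To apply the same reading to a real capture, the corresponding Wireshark display filters are dns.flags.truncated == 1 for responses that forced a TCP retry and tcp.port == 53 for the retries themselves; a resolver that sends the DO bit (as modern BIND does by default) will receive RRSIG records whether or not it validates them.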

