[nsd-users] Two TCP segments to answer a query

Anand Buddhdev anandb at ripe.net
Thu Mar 1 23:13:12 CET 2012


This questions is aimed more at the NSD developers, but of course if
anyone knows the answer, feel free to chime in.

While writing some code to process DNS queries and responses over TCP,
one of my colleagues noticed something strange about NSD's TCP
responses. Here's what we have observed:

client: syn
server: syn + ack
client: ack
client: push + ack + query
server: ack
server: ack + 2 bytes indicating size of following dns message
client: ack
server: push + ack + response

I'm omitting the closing sequence of FINs and ACKs here.

Comparing this to a BIND server, we see:

client: syn
server: syn + ack
client: ack
client: push + ack + query
server: push + ack + 2 bytes + response

Notice how NSD uses an extra TCP segment to send just the 2 bytes
indicating the length of the response packet, whereas BIND does it all
in the same TCP segment. BIND's behaviour seems logical to me, whereas
NSD's seems... strange.

Is there any reason NSD does it this way? TCP performance isn't really
an issue for us, so I don't see any immediate need to fix this, if
indeed a fix is even needed. We'd just like to understand this
difference in behaviour.

Regards,

Anand Buddhdev
RIPE NCC


More information about the nsd-users mailing list