vasek00 Posted April 17, 2019 (edited)

Recently, possibly after moving to the release firmware 3 (I have not checked on 2.15 yet) or after updating packages from Entware, I have been seeing the following: for example, after reading a page or not using the Internet for ~8-10 min, I type forum.keenetic.net (or 2-3 other sites) into the browser and get "connection attempt failed / try again"; if I then type any other address (it opens) and then the problem ones again, everything opens and works.

Setup: Client --> Dnsmasq --> Dnscrypt-proxy --> Internet

dnsmasq-full - 2.80-11 and dnscrypt-proxy2 - 2.0.21.

A quick analysis showed that the problem seems to be the following: the client receives a response with TC = 1 (Message truncated), or

Flags: Response, Opcode - QUERY (Standard query), TC, RD, RA, Rcode - Success

Problem case

Client -> Router

- Udp: SrcPort = 64247, DstPort = DNS(53), Length = 44
    SrcPort: 64247
    DstPort: DNS(53)
    TotalLength: 44 (0x2C)
    Checksum: 43862 (0xAB56)
    UDPPayload: SourcePort = 64247, DestinationPort = 53
- Dns: QueryId = 0x5209, QUERY (Standard query), Query for forum.keenetic.net of type Host Addr on class Internet
    QueryIdentifier: 21001 (0x5209)
  - Flags: Query, Opcode - QUERY (Standard query), RD, Rcode - Success
      QR: (0...............) Query
      Opcode: (.0000...........) QUERY (Standard query) 0
      AA: (.....0..........) Not authoritative
      TC: (......0.........) Not truncated
      RD: (.......1........) Recursion desired
      RA: (........0.......) Recursive query support not available
      Zero: (.........0......) 0
      AuthenticatedData: (..........0.....) Not AuthenticatedData
      CheckingDisabled: (...........0....) Not CheckingDisabled
      Rcode: (............0000) Success 0
    QuestionCount: 1 (0x1)
    AnswerCount: 0 (0x0)
    NameServerCount: 0 (0x0)
    AdditionalCount: 0 (0x0)
  - QRecord: forum.keenetic.net of type Host Addr on class Internet
      QuestionName: forum.keenetic.net
      QuestionType: A, IPv4 address, 1(0x1)
      QuestionClass: Internet, 1(0x1)

From router -> client (response)

- Udp: SrcPort = DNS(53), DstPort = 64247, Length = 44
    SrcPort: DNS(53)
    DstPort: 64247
    TotalLength: 44 (0x2C)
    Checksum: 10454 (0x28D6)
    UDPPayload: SourcePort = 53, DestinationPort = 64247
- Dns: QueryId = 0x5209, QUERY (Standard query), Response - Success
    QueryIdentifier: 21001 (0x5209)
  - Flags: Response, Opcode - QUERY (Standard query), TC, RD, RA, Rcode - Success
      QR: (1...............) Response
      Opcode: (.0000...........) QUERY (Standard query) 0
      AA: (.....0..........) Not authoritative
      TC: (......1.........) Message truncated
      RD: (.......1........) Recursion desired
      RA: (........1.......) Recursive query support available
      Zero: (.........0......) 0
      AuthenticatedData: (..........0.....) Not AuthenticatedData
      CheckingDisabled: (...........0....) Not CheckingDisabled
      Rcode: (............0000) Success 0
    QuestionCount: 1 (0x1)
    AnswerCount: 0 (0x0)
    NameServerCount: 0 (0x0)
    AdditionalCount: 0 (0x0)
  - QRecord: forum.keenetic.net of type Host Addr on class Internet
      QuestionName: forum.keenetic.net
      QuestionType: A, IPv4 address, 1(0x1)
      QuestionClass: Internet, 1(0x1)

Repeated query, Client -> router

- Udp: SrcPort = 49188, DstPort = DNS(53), Length = 44
    SrcPort: 49188
    DstPort: DNS(53)
    TotalLength: 44 (0x2C)
    Checksum: 62613 (0xF495)
    UDPPayload: SourcePort = 49188, DestinationPort = 53
- Dns: QueryId = 0x439D, QUERY (Standard query), Query for forum.keenetic.net of type Host Addr on class Internet
    QueryIdentifier: 17309 (0x439D)
  - Flags: Query, Opcode - QUERY (Standard query), RD, Rcode - Success
      QR: (0...............) Query
      Opcode: (.0000...........) QUERY (Standard query) 0
      AA: (.....0..........) Not authoritative
      TC: (......0.........) Not truncated
      RD: (.......1........) Recursion desired
      RA: (........0.......) Recursive query support not available
      Zero: (.........0......) 0
      AuthenticatedData: (..........0.....) Not AuthenticatedData
      CheckingDisabled: (...........0....) Not CheckingDisabled
      Rcode: (............0000) Success 0
    QuestionCount: 1 (0x1)
    AnswerCount: 0 (0x0)
    NameServerCount: 0 (0x0)
    AdditionalCount: 0 (0x0)
  - QRecord: forum.keenetic.net of type Host Addr on class Internet
      QuestionName: forum.keenetic.net
      QuestionType: A, IPv4 address, 1(0x1)
      QuestionClass: Internet, 1(0x1)

Router's response -> client

- Udp: SrcPort = DNS(53), DstPort = 49188, Length = 44
    SrcPort: DNS(53)
    DstPort: 49188
    TotalLength: 44 (0x2C)
    Checksum: 29205 (0x7215)
    UDPPayload: SourcePort = 53, DestinationPort = 49188
- Dns: QueryId = 0x439D, QUERY (Standard query), Response - Success
    QueryIdentifier: 17309 (0x439D)
  - Flags: Response, Opcode - QUERY (Standard query), TC, RD, RA, Rcode - Success
      QR: (1...............) Response
      Opcode: (.0000...........) QUERY (Standard query) 0
      AA: (.....0..........) Not authoritative
      TC: (......1.........) Message truncated
      RD: (.......1........) Recursion desired
      RA: (........1.......) Recursive query support available
      Zero: (.........0......) 0
      AuthenticatedData: (..........0.....) Not AuthenticatedData
      CheckingDisabled: (...........0....) Not CheckingDisabled
      Rcode: (............0000) Success 0
    QuestionCount: 1 (0x1)
    AnswerCount: 0 (0x0)
    NameServerCount: 0 (0x0)
    AdditionalCount: 0 (0x0)
  - QRecord: forum.keenetic.net of type Host Addr on class Internet
      QuestionName: forum.keenetic.net
      QuestionType: A, IPv4 address, 1(0x1)
      QuestionClass: Internet, 1(0x1)

And below is how it should be

From client -> router

- Udp: SrcPort = 64505, DstPort = DNS(53), Length = 44
    SrcPort: 64505
    DstPort: DNS(53)
    TotalLength: 44 (0x2C)
    Checksum: 52956 (0xCEDC)
    UDPPayload: SourcePort = 64505, DestinationPort = 53
- Dns: QueryId = 0x2D81, QUERY (Standard query), Query for forum.keenetic.net of type Host Addr on class Internet
    QueryIdentifier: 11649 (0x2D81)
  - Flags: Query, Opcode - QUERY (Standard query), RD, Rcode - Success
      QR: (0...............) Query
      Opcode: (.0000...........) QUERY (Standard query) 0
      AA: (.....0..........) Not authoritative
      TC: (......0.........) Not truncated
      RD: (.......1........) Recursion desired
      RA: (........0.......) Recursive query support not available
      Zero: (.........0......) 0
      AuthenticatedData: (..........0.....) Not AuthenticatedData
      CheckingDisabled: (...........0....) Not CheckingDisabled
      Rcode: (............0000) Success 0
    QuestionCount: 1 (0x1)
    AnswerCount: 0 (0x0)
    NameServerCount: 0 (0x0)
    AdditionalCount: 0 (0x0)
  - QRecord: forum.keenetic.net of type Host Addr on class Internet
      QuestionName: forum.keenetic.net
      QuestionType: A, IPv4 address, 1(0x1)
      QuestionClass: Internet, 1(0x1)

From router -> client

- Udp: SrcPort = DNS(53), DstPort = 64505, Length = 330
    SrcPort: DNS(53)
    DstPort: 64505
    TotalLength: 330 (0x14A)
    Checksum: 13102 (0x332E)
    UDPPayload: SourcePort = 53, DestinationPort = 64505
- Dns: QueryId = 0x2D81, QUERY (Standard query), Response - Success, 143.204.101.64, 143.204.101.92 ...
    QueryIdentifier: 11649 (0x2D81)
  - Flags: Response, Opcode - QUERY (Standard query), RD, RA, Rcode - Success
      QR: (1...............) Response
      Opcode: (.0000...........) QUERY (Standard query) 0
      AA: (.....0..........) Not authoritative
      TC: (......0.........) Not truncated
      RD: (.......1........) Recursion desired
      RA: (........1.......) Recursive query support available
      Zero: (.........0......) 0
      AuthenticatedData: (..........0.....) Not AuthenticatedData
      CheckingDisabled: (...........0....) Not CheckingDisabled
      Rcode: (............0000) Success 0
    QuestionCount: 1 (0x1)
    AnswerCount: 6 (0x6)
    NameServerCount: 0 (0x0)
    AdditionalCount: 1 (0x1)
  - QRecord: forum.keenetic.net of type Host Addr on class Internet
      QuestionName: forum.keenetic.net
      QuestionType: A, IPv4 address, 1(0x1)
      QuestionClass: Internet, 1(0x1)
  + ARecord: forum.keenetic.net of type CNAME on class Internet: keenetic.invisionzone.com
  ...
  + AdditionalRecord: Type: OPT, Sender's largest UDP payload size: 1204

Check

/ # dig forum.keenetic.net
; <<>> DiG 9.12.3-P4 <<>> forum.keenetic.net
...
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1204
...
;; Query time: 0 msec
;; SERVER: 192.168.130.100#53(192.168.130.100)
;; WHEN: Wed Apr 17 20:38:29 MSK 2019
;; MSG SIZE rcvd: 187

/ # dig youtube.com
; <<>> DiG 9.12.3-P4 <<>> youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7476
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1204
;; QUESTION SECTION:
;youtube.com. IN A
...
;; Query time: 31 msec
;; SERVER: 192.168.130.100#53(192.168.130.100)
;; WHEN: Wed Apr 17 20:40:34 MSK 2019
;; MSG SIZE rcvd: 148

For its part, dnsmasq has EDNS = 4096 by default, and dnscrypt-proxy has EDNS = 4096 (ARGS="-config /opt/etc/dnscrypt-proxy.toml --edns-payload-size=4096")

This never used to happen; it started appearing only very recently.

Edited April 17, 2019 by vasek00
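
The following is an added example, not part of the original post: a minimal decoder for the DNS header fields shown in the capture above, which flags a response with TC set (the signal for a client to repeat the query over TCP) and reads the EDNS0 UDP payload size from an OPT record. The sample messages are constructed from values in the post (query IDs 0x5209 and 0x2D81, UDP length 44, payload size 1204); the function names are illustrative.

```python
import struct

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n

def inspect(msg):
    """Decode header flags and the EDNS0 UDP size (None if no OPT record)."""
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # QTYPE + QCLASS
    edns = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:                            # OPT: CLASS carries the UDP size
            edns = rclass
        off += 10 + rdlen
    return {"id": qid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0xF, "answers": an, "edns_udp": edns}

def needs_tcp_retry(info):
    """A response with TC=1 is incomplete; the client should retry over TCP."""
    return info["qr"] and info["tc"]

# Constructed messages modelled on the capture in the post.
QUESTION = encode_name("forum.keenetic.net") + struct.pack("!HH", 1, 1)
# Flags 0x8380 = QR | TC | RD | RA, no answer records (the problem response).
TRUNCATED = struct.pack("!6H", 0x5209, 0x8380, 1, 0, 0, 0) + QUESTION
# Flags 0x8180 = QR | RD | RA, plus an OPT record advertising 1204 bytes
# (the six answer records are omitted to keep the sample short).
OPT = b"\x00" + struct.pack("!HHIH", 41, 1204, 0, 0)
NORMAL = struct.pack("!6H", 0x2D81, 0x8180, 1, 0, 0, 1) + QUESTION + OPT

if __name__ == "__main__":
    for label, msg in (("truncated", TRUNCATED), ("normal", NORMAL)):
        info = inspect(msg)
        print(label, "UDP length", len(msg) + 8, info,
              "retry over TCP:", needs_tcp_retry(info))
```

The constructed truncated message is 36 bytes, which with the 8-byte UDP header gives the Length = 44 seen in the capture: the router returned only the header and the question.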