2.6.7: Does socket.gethostbyaddr truncate?
On Sat, Feb 3, 2018 at 1:11 PM, Peter J. Holzer <hjp-python at hjp.at> wrote:
> On 2018-01-30 08:56:16 -0800, Dan Stromberg wrote:
> > dig -x should return a single PTR in all cases, shouldn't it?
> No. dig -x should return *all* PTR records. There is usually at most one
> of them, but there may be several. (46 seems a bit much, but there
> really isn't any limit).
> > What IP are you using?
> Yup. I want to see an address with 46 PTR records, too ;-).
> > On Tue, Jan 30, 2018 at 4:05 AM, Antoon Pardon <antoon.pardon at vub.be>
> > > I am using python 2.6.7 to do a little network programming, but it
> seems I don't
> > > get all the results.
> > >
> > > When I call socket.gethostbyaddr(IP) entry  of the result is a list
> of 34 addresses.
> gethostbyaddr just calls the underlying C library function. It is
> possibly that this has a limit (either on the number of names or more
> likely on the packet size).
> _ | Peter J. Holzer | we build much bigger, better disasters now
> |_|_) | | because we have much more sophisticated
> | | | hjp at hjp.at | management tools.
> __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
I would guess it's the packet size limitation. Using EDNS0 you can have
packet size of up 4096 bytes, but it's the underlying IP protocol which
limits further the amount of data in a single packet. Given the 20 bytes
IPv4 header and 8 bytes DNS header, that leaves 1472 bytes for data. Bigger
payload leads to IP fragmentation which in many cases is blocked by
firewalls or other network devices on the way.
In your case dig -x runs on the same machine where the Python code runs? If
yes, then it's not network issue.
What's the size of the response containing 34 addresses? What's the size of
the response from dig when all 46 addresses are returned?