Trying to AXFR-out large zone results in "Attempt to write an oversized chunk"

[merlinscholz]

• [X] This is not a support question, I have read about opensource and will send support questions to the IRC channel, Github Discussions or the mailing list.
• [X] I have read and understood the 'out in the open' support policy

• Program: Authoritative, (dnsdist)
• Issue type: Bug report

Short description

When loading a rather large zone (approx 3.8Mb in size) via load-zone and notifying possible secondaries afterwards, the AXFR fails with: attempt to write an oversized chunk

This installation has dnsdist sitting in front of it, but afaik the requests never make it there.

Environment

• Operating system: Red Hat Enterprise Linux 9.4
• Software version: pdns-4.8.4-1.el9.x86_64, dnsdist-1.8.3-1.el9.x86_64, mariadb-server-10.5.22-1.el9_2.x86_64
• Software source: Red Hat repositories

Steps to reproduce

1. Set up PowerDNS Authoritative with MariaDB Backend (probably irrelevant) and at least one secondary
2. Load this zonefile: zonefile.txt
3. Increase serial
4. Notify the secondaries via pdns_control

Expected behaviour

The secondaries should have the new records available

Actual behaviour

PowerDNS on the primary fails the AXFR-out with:

Aug 15 23:25:57 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: Notification request for zone 'homecloud.lol' received from operator
Aug 15 23:25:58 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: Received NOTIFY for homecloud.lol from 127.0.0.1(217.69.6.150) which is not a master (Refused)
Aug 15 23:25:58 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: Received NOTIFY for homecloud.lol from 127.0.0.1(2a05:f480:1c00:7f:5400:5ff:fe05:75e3) which is not a master (Refused)
Aug 15 23:25:58 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: IXFR-out zone 'homecloud.lol', client '127.0.0.1(2a01:4f8:0:a101::a:1)', transfer initiated with serial 2024081509
Aug 15 23:25:58 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: AXFR-out zone 'homecloud.lol', client '127.0.0.1(2a01:4f8:0:a101::a:1)', transfer initiated
Aug 15 23:25:58 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: TCP nameserver had error, cycling backend: attempt to write an oversized chunk
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: AXFR-out zone 'homecloud.lol', client '127.0.0.1(2a01:4f8:c012:fb3::1)', transfer initiated
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: TCP server is without backend connections in doAXFR, launching
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: TCP nameserver had error, cycling backend: attempt to write an oversized chunk
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: AXFR-out zone 'homecloud.lol', client '127.0.0.1(2a01:4ff:1f0:f98::)', transfer initiated
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: TCP server is without backend connections in doAXFR, launching
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: TCP nameserver had error, cycling backend: attempt to write an oversized chunk
Aug 15 23:25:59 prpnetdna11.ppa.homeit.lol pdns_server-servfail[111568]: AXFR-out zone 'homecloud.lol', client '127.0.0.1(2406:ef80:4:2afe::1)', transfer initiated

Other information

I do not know if this is a bug or intended behaviour, as I could not find any information on this exact error message.

[jsoref]

@Habbie added this in #11954

[Habbie]

Please try workaround-11804=yes in pdns.conf

[jsoref]

It looks like #12780 is a workaround for some of this -- offhand, I'd be inclined to add a reference to that workaround in the error that is reported here -- assuming my understanding isn't totally off (and it very well could be).

[merlinscholz]

Adding the workaround fixed it, thank you very much for your time!