<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Dec 19, 2018 at 4:20 AM Davey Song(宋林健) <<a href="mailto:ljsong@biigroup.cn">ljsong@biigroup.cn</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="ZH-CN"><div class="gmail-m_8487505373890306692WordSection1"><p class="MsoNormal"><span lang="EN-US">Hi folks,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">I’m curious on how .org authoritative server handle large DNS response ? Is there any notable impact of IPv6 fragment issues on .org servers? <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">I ask .org because .org generates large DNS response (1625 octets) when you dig dnskey org. +dnssec, which makes the issue more common.</span></p></div></div></blockquote><div><br></div><div><div class="gmail_default" style="font-family:verdana,sans-serif">The bit that confuses me about this is that Geoff Huston (who I trust) has a number of presentations showing that IPv6 fragmentation and large DNS responses simply don't work -- e.g: <a href="https://indico.dns-oarc.net/event/27/contributions/469/attachments/449/749/2017-09-29-xtn-hdrs-dns.pdf">https://indico.dns-oarc.net/event/27/contributions/469/attachments/449/749/2017-09-29-xtn-hdrs-dns.pdf</a></div><div class="gmail_default" style="font-family:verdana,sans-serif">E.g Slide 29 says "IPv6 Fragmentation Failure Rate: 38%". Geoff has a history of being right, and I've listened to this presentation a few times, know how the methodology works, etc. I've discussed these results with him and he's sure they are right. These numbers also roughly correlate with other people's data on fragmentation failures. </div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Joe Abley (who I also trust), and some other friends who I also trust work at Afilias (who serve .org) -- and they say that they are not seeing failure rates on UDP like this. I've also traveled with my laptop and tested (on v6 networks with a local resolver and TCP blocked) and am not seeing failures like those predicted. </div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">So, what's going on here? Is this simply sample bias? Is the failover to TCP saving us? Or the predominance of v4? What's actually keping .org running (and I know that it *is* running :-))</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">W</div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="ZH-CN"><div class="gmail-m_8487505373890306692WordSection1"><p class="MsoNormal"><span lang="EN-US"> <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">Is there Afilias people in the mailing list? Did you ever consider ATR (draft-song-atr-large-resp) for the issue? We need a talk. <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">Best regards,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">Davey<u></u><u></u></span></p></div></div>_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
dns-operations mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">I don't think the execution is relevant when it was obviously a bad idea in the first place.<br>This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.<br> ---maf</div></div></div>