[dns-operations] PMTUD of .org servers

Mark Andrews marka at isc.org
Fri Jun 19 03:21:43 UTC 2009

In message <28747.1245380562 at nsa.vix.com>, Paul Vixie writes:
> > From: Mark Andrews <marka at isc.org>
> > Date: Fri, 19 Jun 2009 11:08:27 +1000
> > 
> > 	Linux and Solaris set DF by default.  Linux boxes allow it
> > 	to be modified on a per-socket basis.  On Solaris boxes it
> > 	is a global flag.  You can't disable DF on UDP without also
> > 	disabling DF on TCP.
> > 
> > 	Other boxes that implement path mtu discovery appear to only
> > 	do it on TCP connections by default.
> > 
> > 	Named turns off the setting of DF for UDP on all platforms
> > 	where we are aware of a per socket control.
> > 
> > 	Setting DF on UDP/DNS responses is detrimental to DNS.
> so solaris basically can't be a good edns server, period, full stop?

You can turn it off globally with ndd (if I'm remembering the command
name correctly).  What Solaris needs is hooks to allow this to be done
on a per socket basis or to only apply it to TCP traffic.

This is not an issue for IPv6 as Solaris implements the Advanced
IPv6 Socket API, in particular IPV6_USE_MIN_MTU.

You can also tune named with max-udp-size so that you won't be
sending responses that are likely to result in packet too big
responses being triggered.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
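
The per-socket control discussed in the message above, as an added example that is not part of the original post and is not BIND's code. It assumes Linux's IP_MTU_DISCOVER / IP_PMTUDISC_DONT as the IPv4 knob and uses IPV6_USE_MIN_MTU only where the headers define it; the function names and the NO_PER_SOCKET_CONTROL code are hypothetical.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define NO_PER_SOCKET_CONTROL (-2)  /* hypothetical code used by this example */

/* Create a UDP socket that will not send DF-marked datagrams. Returns the fd,
 * -1 on a syscall error, or NO_PER_SOCKET_CONTROL if only a global knob exists. */
int udp_socket_no_df(int family)
{
    int fd = socket(family, SOCK_DGRAM, IPPROTO_UDP);
    if (fd < 0) return -1;
    int rc = NO_PER_SOCKET_CONTROL;
    if (family == AF_INET) {
#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
        int mode = IP_PMTUDISC_DONT;  /* Linux: never set DF on this socket */
        rc = setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof mode);
#endif
    } else if (family == AF_INET6) {
#if defined(IPV6_USE_MIN_MTU)
        int on = 1;                   /* RFC 3542: send at the minimum IPv6 MTU */
        rc = setsockopt(fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU, &on, sizeof on);
#endif
    }
    if (rc != 0) { close(fd); return rc; }
    return fd;
}

/* Read back the IPv4 PMTU discovery mode of fd; -1 if it cannot be queried. */
int udp_df_mode(int fd)
{
    int mode = -1;
#if defined(IP_MTU_DISCOVER)
    socklen_t len = sizeof mode;
    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, &len) != 0) mode = -1;
#endif
    (void)fd;
    return mode;
}

int main(void)
{
    int fd = udp_socket_no_df(AF_INET);
    if (fd < 0) { puts("no per-socket DF control on this platform"); return 1; }
    printf("IP_MTU_DISCOVER mode after change: %d\n", udp_df_mode(fd));
    close(fd);
    return 0;
}
```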
