[dns-operations] PMTUD of .org servers

Paul Vixie vixie at isc.org
Fri Jun 19 05:25:24 UTC 2009

> From: Mark Andrews <marka at isc.org>
> Date: Fri, 19 Jun 2009 13:21:43 +1000
> > so solaris basically can't be a good edns server, period, full stop?
> You can turn it off globally with ndd (if I'm remembering the command
> name correctly).

then TCP will be flying without PMTUD.  no solaris administrator can afford
to do that unless the box is absolutely dedicated to DNS, and UDP at that.

> What Solaris needs is hooks to allow this to be done on a per socket
> basis or to only apply it to TCP traffic.

seems more likely that they'll leave DF on by default.  EDNS speakers
should probably open the ICMP socket and look for evidence of DF damage.

> ...
> You can also tune named with max-udp-size so that you won't be
> sending responses that are likely to result in packet too big
> responses being triggered.

at which point EDNS will suffer badly, and TCP fallback will be used.  so
like i said, solaris just can't be a good EDNS server.  interesting.
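
The suggestion above, that an EDNS speaker watch ICMP for evidence of DF damage, sketched as an added example that is not part of the original post and not BIND code. The function names and the sample packet are constructed for illustration; it assumes the server reads ICMP from a raw socket and has already stripped the outer IP header.

```python
import socket
import struct

ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED = 3, 4   # RFC 1191 "fragmentation needed and DF set"
IPPROTO_UDP, DNS_PORT = 17, 53


def parse_frag_needed(icmp: bytes):
    """Return details of a DF-damaged DNS/UDP response, or None if not one."""
    # ICMP header + minimal IPv4 header + first 8 bytes of the quoted datagram.
    # The ICMP checksum is not verified in this sketch.
    if len(icmp) < 8 + 20 + 8:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        return None
    inner = icmp[8:]                          # quoted header of the packet we sent
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    total_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
    if inner[9] != IPPROTO_UDP:
        return None
    sport, _dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    if sport != DNS_PORT:                     # only responses this server sent
        return None
    return {
        "client": socket.inet_ntoa(inner[16:20]),
        "sent_size": total_len,
        "df_set": bool(flags_frag & 0x4000),
        "next_hop_mtu": mtu,
        # largest DNS payload that fits unfragmented; MTU 0 = pre-RFC 1191 router
        "max_dns_payload": mtu - ihl - 8 if mtu else None,
    }


def build_sample() -> bytes:
    """Constructed ICMP message: a 1500-byte response hit a 1280-byte link."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64,
                     IPPROTO_UDP, 0, socket.inet_aton("192.0.2.53"),
                     socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", DNS_PORT, 40000, 1480, 0)
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, 1280) + ip + udp


if __name__ == "__main__":
    print(parse_frag_needed(build_sample()))
```

A server could use the reported `max_dns_payload` to cap responses to that client instead of lowering the limit for every client.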

