[dns-operations] PMTUD of .org servers

Florian Weimer fw at deneb.enyo.de
Sat Jun 20 14:14:23 UTC 2009

* Michael Graff:

> Florian Weimer wrote:
>> With UDP, it can also be implemented in the kernel.  It fragments down
>> to the path MTU when sending the packet.  This ensures that the number
>> of packets is minimized, so it's not entirely pointless.
> If the purpose here is to avoid generating fragments due to incorrectly
> blocking them on the client's end (or something in the path) then what
> does PMTU buy us for UDP, again?

I think this question is somewhat misguided because you can't consider
such aspects in isolation.  For example, suppose that the path in
question has a packet loss probability at the IP layer of 0.001 and an
MTU of 1450 bytes.  The server wants to send a DNSKEY response,
consisting of 3100 bytes.  Without PMTUD, you end up with 7 packets,
and about 0.007 probability of packet loss.  With PMTUD, there are only
3 packets, and the loss probability is 0.003.  Of course, it's
theoretically possible to split a packet into approximately
equal-sized fragments (without setting the DF bit), but I don't think
anybody does this.
