[dns-operations] PMTUD of .org servers

Michael Graff mgraff at isc.org
Sat Jun 20 14:34:14 UTC 2009


Without any feedback on PMTU the local interface MTU would be used, I
think. That would normally result in a maximum sized packet per
fragment.

PMTU is intended to avoid fragments. In TCP this works well since the
data is already split up into frames. In UDP this would be pushed back
into the application to actually make the information useful.

If the server actually knew that the client could only get 1400  
without fragmenting then it could adjust what additional data was  
inserted. However, I know of no DNS code which does this.

--Michael


On Jun 20, 2009, at 9:14, Florian Weimer <fw at deneb.enyo.de> wrote:

> * Michael Graff:
>
>> Florian Weimer wrote:
>>
>>> With UDP, it can also be implemented in the kernel.  It fragments down
>>> to the path MTU when sending the packet.  This ensures that the number
>>> of packets is minimized, so it's not entirely pointless.
>>
>> If the purpose here is to avoid generating fragments due to incorrectly
>> blocking them on the client's end (or something in the path) then what
>> does PMTU buy us for UDP, again?
>
> I think this question is somewhat misguided because you can't consider
> such aspects in isolation.  For example, suppose that the path in
> question has a packet loss probability at the IP layer of 0.001 and an
> MTU of 1450 bytes.  The server wants to send a DNSKEY response,
> consisting of 3100 bytes.  Without PMTUD, you end up with 7 packets,
> and about 0.007 probability of packet loss.  With PMTUD, there are only
> 3 packets, and the loss probability is 0.003.  Of course, it's
> theoretically possible to split a packet into approximately
> equal-sized fragments (without setting the DF bit), but I don't think
> anybody does this.


