[dns-operations] wrapup of fragmentation/do/tcp discussion requested

bert hubert bert.hubert at netherlabs.nl
Mon Jun 22 05:33:22 UTC 2009

> From: Mark Andrews <marka at isc.org>
> Date: Mon, Jun 22, 2009 at 2:11 AM
>        1.  512 covers all the recoverable failure paths.
>        2.  512 doesn't significantly change the amount of fallback to
>            TCP due to fragmentation/DNS proxies.

'1' may very well be true, but '2' is as far as I can tell not backed up by

>        3.  Some answers are less than 512 bytes in size.

No single referral from a zone signed with NSEC3 though, or using the
parameters of GOV or ORG. 

>        5.  Not everyone is in a position to change the equipment that
>            is blocking the responses to 4096 byte queries.

Well.. why not do a fallback to 1280 first? That does not require
fragmentation, and does indeed have enough room to contain 99.9% of all
typical DO=1 responses.

I understand it is more work, but 1280 would basically mean 'business as
usual' if there is (as I suspect) a large class of networks that can pass
both 512 and 1280, but not 4096.

Is there a good reason not to try 1280?


http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services
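
Added example (not part of the original message, and not code from PowerDNS or BIND): a Python model of the EDNS buffer-size fallback discussed above, comparing a 4096, 512 ladder with a 4096, 1280, 512 ladder. The 1472-byte path limit, the response sizes, the per-server pinning of the learned size, and all function names are assumptions made for illustration.

```python
import struct

DO_BIT = 0x8000  # DNSSEC OK flag, carried in the OPT record's TTL field

def build_query(qname, bufsize, qtype=1, txid=0x1234):
    """Wire-format query whose EDNS0 OPT record advertises `bufsize` with DO=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, bufsize, DO_BIT, 0)

def advertised_size(query):
    """Read the UDP payload size back out of the trailing (empty) OPT record."""
    return struct.unpack("!H", query[-8:-6])[0]

def exchange(query, response_size, path_limit):
    """Constructed model of one UDP round trip, not a real network call."""
    if response_size > advertised_size(query):
        return "truncated"   # server sets TC=1; small reply, client retries over TCP
    if response_size > path_limit:
        return None          # oversized reply dropped on the path: client sees a timeout
    return "answer"

def learn_bufsize(ladder, response_size, path_limit):
    """First rung of the ladder on which any reply at all comes back."""
    for bufsize in ladder:
        if exchange(build_query("example.org", bufsize), response_size, path_limit):
            return bufsize
    return None

def tcp_retries(bufsize, response_sizes, path_limit):
    """How many later lookups end up on TCP once `bufsize` is pinned for the server."""
    query = build_query("example.org", bufsize)
    return sum(exchange(query, size, path_limit) == "truncated" for size in response_sizes)

# Constructed scenario: path drops UDP replies above 1472 bytes (no fragments get through).
PATH_LIMIT = 1472
LATER_RESPONSES = [300, 700, 900, 1100, 480]  # constructed DO=1 response sizes

if __name__ == "__main__":
    for ladder in ((4096, 512), (4096, 1280, 512)):
        pinned = learn_bufsize(ladder, 2400, PATH_LIMIT)
        print(ladder, "-> pinned", pinned, "TCP retries:",
              tcp_retries(pinned, LATER_RESPONSES, PATH_LIMIT))
```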
