[dns-operations] wrapup of fragmentation/do/tcp discussion requested
bert.hubert at netherlabs.nl
Mon Jun 22 05:33:22 UTC 2009
> From: Mark Andrews <marka at isc.org>
> Date: Mon, Jun 22, 2009 at 2:11 AM
> 1. 512 covers all the recoverable failure paths.
> 2. 512 doesn't significantly change the amount of fallback to
> TCP due to fragmentation/DNS proxies.
'1' may very well be true, but '2' is as far as I can tell not backed up by
> 3. Some answers are less than 512 bytes in size.
No single referral from a zone signed with NSEC3 though, or using the
parameters of GOV or ORG.
> 5. Not everyone is in a position to change the equipment that
> is blocking the responses to 4096 byte queries.
Well.. why not do a fallback to 1280 first? That does not require
fragmentation, and does indeed have enough room to contain 99.9% of all
typical DO=1 responses.
I understand it is more work, but 1280 would basically mean 'business as
usual' if there is (as I suspect) a large class of networks that can pass
both 512 and 1280, but not 4096.
Is there a good reason not to try 1280?
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
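
Added example, not part of the original message: a small model of the fallback question raised above, comparing a resolver that steps its advertised EDNS0 size down 4096, 1280, 512 with one that goes straight from 4096 to 512. The response sizes, the 1400-byte path limit and all function names are constructed assumptions for illustration, not measurements.

```python
import struct

ANSWERS = [650, 2000, 720, 900, 480]   # constructed DO=1 response sizes, in bytes
PATH_LIMIT = 1400                      # constructed: larger UDP replies are dropped

def build_query(qname, udp_size, qtype=1, txid=0x1234):
    """DNS query with an EDNS0 OPT record advertising udp_size, DO=1."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    question = name + b"\x00" + struct.pack("!2H", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = payload size, TTL carries DO (0x8000), RDLEN 0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000, 0)

def advertised_size(query):
    """Read the payload size back from the trailing 11-byte OPT record."""
    return struct.unpack("!H", query[-8:-6])[0]

def make_path(path_limit):
    """Model a server plus a network that drops UDP replies over path_limit bytes."""
    def send(query, answer_len):
        if answer_len > advertised_size(query):
            return "TC"            # server truncates; client must retry over TCP
        return None if answer_len > path_limit else "UDP"   # None models a timeout
    return send

def run(ladder, answer_lens, send, qname="example.org"):
    """Step down the ladder on timeout, keep the size that worked, count transports."""
    level, counts = 0, {"UDP": 0, "TCP": 0}
    for answer_len in answer_lens:
        while True:
            result = send(build_query(qname, ladder[level]), answer_len)
            if result is None and level + 1 < len(ladder):
                level += 1         # timeout: assume the advertised size was the problem
                continue
            # "TC", or a timeout at the smallest size, both end in a TCP retry
            counts["UDP" if result == "UDP" else "TCP"] += 1
            break
    return ladder[level], counts

if __name__ == "__main__":
    for ladder in ((4096, 1280, 512), (4096, 512)):
        print(ladder, run(ladder, ANSWERS, make_path(PATH_LIMIT)))
```

In this model one oversized reply pushes both resolvers off 4096; the one that settles at 1280 keeps the later mid-sized answers on UDP, while the one that settles at 512 sends them to TCP.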