[dns-operations] v6, fragmentation, DNS

[Joe Abley]

On 2010-05-22, at 19:09, Paul Vixie wrote:

> i really want to cough all the junk out of ipv6's pipes. also, ipv6 is
> better, in how it handles fragmentation.

To veer off at a tangent, having absorbed perhaps too much rhetoric from close physical proximity to Geoff Huston at the usual set of events this year, the question of how fragmentation should be handled in v6 is somewhat interesting to me.

My current rendering of truth is that v6 fragmentation can't usefully work with stateless services over UDP, and hence needs to be disabled.

The why is that v6 fragmentation relies upon signalling back to the source of a datagram indicating a constrained MTU, on receipt of which the sender should fragment accordingly (and cache what it learnt so that it doesn't need to suffer multiple-RTTs worth of signalling next time). When the sender is a DNS server, and the response was sent using UDP transport, there's no state retained after the first transmission to allow retransmission with fragments to happen.

This general concern does not apply to TCP transport, where there is necessarily state retained on the sending side, and hence where regular v6 fragmentation will work.

The how is to force fragmentation on the sending side either by installing a blanket path MTU for ::/0 of 1280 (the minimum v6 interface MTU) or to use a UDP socket option which has the same effect, if available. The former is a crude hammer, and will affect all protocols. The latter, being per-socket, can be constrained in effect to just UDP DNS responses. BIND9 does the latter, marka tells me. L-Root does the former, for what that's worth.

Your comment above suggests that there is some other thinking that is at odds with my crude summary (in which case please point out my foolishness), or else you really mean "v6 is better in that the minimum interface MTU is 1280 bytes rather than 576".


Joe