[dns-operations] DNS Issue

Florian Weimer fw at deneb.enyo.de
Wed May 1 17:35:44 UTC 2013


* Tony Finch:

> Florian Weimer <fw at deneb.enyo.de> wrote:
>>
>> I think you still can't serve UDP over IPv6 without per-client sate,
>> keeping both full RFC conformance and interoperability with the
>> existing client population.  Pre-fragmentation to 1280 or so bytes
>> isn't enough, you also have to generate atomic fragments.
>
> Or don't fragment and restrict the EDNS buffer size to 1280.

Unfortunately, that's still not compliant.  Those responses can
trigger ICMP Packet Too Big messages, and then you're supposed to
generate atomic fragments (that is, send a single-packet unfragmented
response with a Fragmentation header).

It's one of those things in the IPv6 specification which should go,
but 6man *loves* them, unfortunately.

(By the way, if you've got a system which generates atomic fragments,
you should set a lower EDNS buffer size than 1280.)



More information about the dns-operations mailing list