[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)
Tony Finch
dot at dotat.at
Mon Sep 15 10:52:02 UTC 2014
Franck Martin <fmartin at linkedin.com> wrote:
>
> What is the recommended setup for EDNS?
> -limit size to <1500? on both IPv4 and IPv6?
Yes, on some if not all of your authority servers. That is, you need to
limit the size of response that you send (max-udp-size in BIND terms).
(Don't get confused with your advertized EDNS buffer size which is for
receiving responses, mainly on recursive servers.)
This improves your interoperability with resolvers at other sites that
have broken networks which drop fragmented packets.
https://dnssec.surfnet.nl/wp-content/uploads/2012/09/Recommendations-for-dealing-with-fragmentation-in-DNS-v3.pdf
https://www.usenix.org/sites/default/files/conference/protected-files/vanrisjwik_lisa12_slides.pdf
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Trafalgar: Cyclonic in northwest, otherwise mainly northerly or northwesterly
5 or 6. Slight or moderate. Showers in northwest. Good.
More information about the dns-operations
mailing list