[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)

Davey Song songlinjian at gmail.com
Wed Sep 17 04:50:53 UTC 2014


In the context of this discussion, I want to ask a question about DNS
UDP size in IPv4/IPv6.

I read SAC-035 about a test on Broadband Routers and Firewalls. 27% of DNS
proxies still cannot pass packets larger than 512. I don't know
whether this will be overcome by using IPv6 for transportation.

In the specification, the IPv6 MTU is 1280, which gives some relief from that
constraint. Somebody may say the enlargement of the IPv6 MTU is trivial and does
not do much to help EDNS0 efficiency (more large packets > 1280). But I
have an argument that the enlargement to 1280-1500 is vital and enough for the
case of priming exchange and DNSSEC.

To defend my point, I need some data and experience from dual stack DNS
operators who may have compared IPv4 and IPv6 DNS operation before. Do you
guys have any ideas or pointers to related documents?

Thank you in advance.

Davey

On Sat, Sep 13, 2014 at 5:37 PM, Franck Martin <fmartin at linkedin.com> wrote:

> I’m trying to figure out EDNS with UDP fragmentation on both IPv4 and IPv6
> networks.
>
> My understanding is that UDP fragmentation is something frowned upon in IPv4
> and even more in IPv6 (because of processing power needed, and security
> concerns)?
>
> What is the recommended setup for EDNS?
> -limit size to <1500? on both IPv4 and IPv6?
> -allow UDP fragmentation on IPv4 and IPv6, how securely?
>
> How does that play with DNSSEC large data records? I have seen that with
> some low TTL, bind tends not to fall back (from 4096 to 512) fast enough
> often to return an answer within the time allocated.
>
> Any good documentation, pointers?
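As an added illustration (not part of the original thread), the sketch below works through the sizes discussed above: the largest DNS message that fits one unfragmented UDP datagram for a given MTU and IP family, and an EDNS0 query that advertises that size in its OPT record. Function names are hypothetical, and header sizes assume no IPv4 options or IPv6 extension headers.

```python
import struct

# Assumption: fixed headers only (no IPv4 options, no IPv6 extension headers).
IP_HEADER = {4: 20, 6: 40}
UDP_HEADER = 8
OPT = 41  # EDNS0 pseudo-RR type (RFC 6891)

def max_unfragmented_payload(mtu, family):
    """Largest DNS message that fits in one unfragmented UDP datagram."""
    return mtu - IP_HEADER[family] - UDP_HEADER

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, bufsize, do_bit=True, msg_id=0x1234):
    """Query with one OPT RR; the RR's CLASS field carries the UDP payload size."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)  # RD, QD=1, AR=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    ttl = 0x8000 if do_bit else 0  # ext-rcode 0, version 0, DO flag
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, ttl, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def advertised_bufsize(msg):
    """Requestor's UDP payload size; 512 when there is no OPT record."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return max(rclass, 512)  # RFC 6891: values below 512 count as 512
        off += 10 + rdlen
    return 512

def must_truncate(response_len, query):
    """True when a UDP response of this length would exceed what the client advertised."""
    return response_len > advertised_bufsize(query)

if __name__ == "__main__":
    for mtu, fam in ((1280, 6), (1500, 6), (1500, 4)):  # constructed sample inputs
        print(f"MTU {mtu} IPv{fam}: {max_unfragmented_payload(mtu, fam)} bytes")
```
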