[dns-operations] How .org name server handle large DNS response?

Peter van Dijk peter.van.dijk at powerdns.com
Sat Dec 22 22:16:20 UTC 2018


On 19 Dec 2018, at 23:20, Warren Kumari wrote:

> The bit that confuses me about this is that Geoff Huston (who I trust) has
> a number of presentations showing that IPv6 fragmentation and large DNS
> responses simply don't work -- e.g:
> https://indico.dns-oarc.net/event/27/contributions/469/attachments/449/749/2017-09-29-xtn-hdrs-dns.pdf
> E.g Slide 29 says "IPv6 Fragmentation Failure Rate: 38%". Geoff has a
> history of being right, and I've listened to this presentation a few times,
> know how the methodology works, etc. I've discussed these results with him
> and he's sure they are right. These numbers also roughly correlate with
> other people's data on fragmentation failures.

Without judging the numbers (as you say, apparently they roughly 
correlate with other people’s numbers), George’s measurements are 
flawed because he ignores the EDNS bufsize reported by the resolver. If 
you send a resolver a response that is larger than the advertised buffer 
size, various failure modes unrelated to IPv6 and fragmentation may come 
into play. This has been reported to Geoff a few times but he strongly 
holds the position that the EDNS buffer size is just a suggestion and 
that he is free to ignore it. Some implementations (at least PowerDNS), 
however, disagree. (Some other implementations, like dig, are absolutely 
fine with it.)

On a more anecdotal note, most MTU/fragmentation-related issues reported 
by PowerDNS users are on the IPv4 side. When debugged, their root cause 
consistently turns out to be close to the resolver.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
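
Added example (not part of the original message, and not PowerDNS code): a sketch of how a responder can read the EDNS buffer size a resolver advertises in the OPT record and tell when a UDP response would exceed it. The helper build_query and the name example.org are constructed sample input for illustration.

```python
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def advertised_bufsize(query):
    """UDP payload size the requester advertised; 512 if there is no OPT RR."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", query, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        off += 10 + rdlen
        if rtype == OPT:
            return max(rclass, 512)              # CLASS carries the size; <512 counts as 512
    return 512

def must_truncate(query, response_len):
    """True when a UDP response of response_len bytes exceeds what was advertised."""
    return response_len > advertised_bufsize(query)

def build_query(name, bufsize=None):
    """Constructed sample input: an A query, optionally with an OPT RR."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if bufsize else 0)
    msg += qname + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    if bufsize:
        # Root owner name, TYPE=OPT, CLASS=bufsize, TTL=0 (ext. rcode/flags), RDLEN=0
        msg += b"\0" + struct.pack("!HHIH", OPT, bufsize, 0, 0)
    return msg

if __name__ == "__main__":
    for size in (None, 1232, 4096):
        q = build_query("example.org", bufsize=size)
        print(size, advertised_bufsize(q), must_truncate(q, 1500))
```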
