[dns-operations] How .org name server handle large DNS response?
Peter van Dijk
peter.van.dijk at powerdns.com
Sat Dec 22 22:16:20 UTC 2018
On 19 Dec 2018, at 23:20, Warren Kumari wrote:
> The bit that confuses me about this is that Geoff Huston (who I trust) has
> a number of presentations showing that IPv6 fragmentation and large DNS
> responses simply don't work -- e.g:
> https://indico.dns-oarc.net/event/27/contributions/469/attachments/449/749/2017-09-29-xtn-hdrs-dns.pdf
> E.g Slide 29 says "IPv6 Fragmentation Failure Rate: 38%". Geoff has a
> history of being right, and I've listened to this presentation a few times,
> know how the methodology works, etc. I've discussed these results with him
> and he's sure they are right. These numbers also roughly correlate with
> other people's data on fragmentation failures.
Without judging the numbers (as you say, apparently they roughly
correlate with other people’s numbers), George’s measurements are
flawed because he ignores the EDNS bufsize reported by the resolver. If
you send a resolver a response that is larger than the advertised buffer
size, various failure modes unrelated to IPv6 and fragmentation may come
into play. This has been reported to Geoff a few times but he strongly
holds the position that the EDNS buffer size is just a suggestion and
that he is free to ignore it. Some implementations (at least PowerDNS),
however, disagree. (Some other implementations, like dig, are absolutely
fine with it.)
On a more anecdotal note, most MTU/fragmentation-related issues reported
by PowerDNS users are on the IPv4 side. When debugged, their root cause
consistently turns out to be close to the resolver.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
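
The following is an added illustration, not part of the message above and not PowerDNS code. It shows what honoring the advertised EDNS buffer size looks like on the responding side: read the UDP payload size from the query's OPT record and set TC instead of sending a larger reply. The function names and the sample query are constructed for this example.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def advertised_bufsize(query):
    """UDP payload size the sender advertised; 512 when there is no OPT record."""
    qd, an, ns, ar = struct.unpack_from("!4H", query, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        if rtype == 41:                            # OPT: CLASS field carries the size
            return max(rclass, 512)                # RFC 6891: below 512 is treated as 512
        off += 10 + rdlen
    return 512

def fit_response(query, response):
    """Return response unchanged if it fits, else a header+question reply with TC set."""
    if len(response) <= advertised_bufsize(query):
        return response
    ident, flags, qd = struct.unpack_from("!3H", response, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(response, off) + 4
    # Minimal truncation; a real server would also re-add its own OPT record.
    return struct.pack("!6H", ident, flags | 0x0200, qd, 0, 0, 0) + response[12:off]

def build_query(name, bufsize=None):
    """Constructed sample: an A query for name, optionally with an EDNS0 OPT record."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if bufsize else 0)
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0) if bufsize else b""
    return header + qname + struct.pack("!HH", 1, 1) + opt
```
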