[dns-operations] Announcement - DNS flag day on 2019-02-01
Shane Kerr
shane at time-travellers.org
Thu Jun 14 09:20:00 UTC 2018
Paul,

Paul Vixie:
> Florian Weimer wrote:
> ...
>>
>> Or you can avoid fragmentation in the first place, ...
>
> so, just always use tcp if you're expecting more than 1200 octets?
>
>> Theoretically, even with a 1200-byte EDNS buffer size, ...
>
> but, there are useful answers larger than that.
>
>> Another benefit of this change is that many of the EDNS-related
>> problems go away.
>
> i'd rather we broke everything that won't let edns through. the internet
> can't grow in avoidance-mode. we have to confront, too.
I don't think the problem referred to here is EDNS, but rather large
packets.

Are there even secure ways to establish PMTU on the Internet? Or if not
secure (as in "authenticated"), then ways that don't open operators up
to various ICMP-based attacks?

Cheers,
--
Shane