[dns-operations] Announcement - DNS flag day on 2019-02-01
Florian Weimer
fw at deneb.enyo.de
Fri Jun 15 05:49:43 UTC 2018
* Mark Andrews:
>>>> RFC 6946 affirms this bizarre behavior.
>>>>
>>>> Therefore, if you want to avoid state, you need to send atomic
>>>> fragments unconditionally, but that causes interoperability problems,
>>>> so you cannot do this in practice.
>
>
> There are too many religious nuts with firewalls.
>
> We should argue that NAT64 should set DF=0 on UDP packets <= 1280. I don’t
> think this is covered by any RFC one way or another. That would remove
> any need to keep state in the server.
Similar suggestions were made in the past. The IETF and their
processes gave us RFC 6946 instead.
As far as I can tell, the best approach is to be non-compliant, never
produce atomic fragments, and stay a little bit below the 1280 limit
for the benefit of tunnels in tunnels in tunnels. I came up with 1200
bytes as the limit, but it's of course rather arbitrary (but so was
1280).