[dns-operations] How .org name server handle large DNS response?

Paul Vixie paul at redbarn.org
Thu Jan 3 16:41:59 UTC 2019

Florian Weimer wrote:
> ...
> I think nowadays, it should be possible to clamp the sending buffer size
> to something like 1200 bytes (to leave some room for tunnels) and
> configure the system so that it will never generate atomic fragments, ...

i think that's the wrong approach. rather, we should alter the servers 
so that all udp responses and perhaps all tcp segments are fragmented. 
let those who think they have deployed ipv6 but who don't permit 
fragmentation be the ones to do additional work -- not those whose 
implementations are compliant and interoperable.

middleboxes must receive truly bad service and miserable treatment, or 
we will be their slaves forever. the 19 years of EDNS deployment should 
have taught us that lesson irrevocably and unambiguously.

we didn't move fast and we're not the ones breaking things.

P Vixie
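The clamp described in the quoted text, sketched as an added example that is not part of the original message or of any name server's code: the server takes the smaller of the client's advertised EDNS UDP size and 1200 bytes, and sets TC on anything larger so the client retries over TCP. Function names, the sample query and the 1625-byte response size are constructed for illustration.

```python
import struct

CLAMP = 1200  # figure from the quoted message; leaves room for tunnels

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length

def advertised_udp_size(query):
    """UDP payload size from the query's OPT record, or 512 without EDNS."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", query[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == 41:                          # OPT: CLASS field carries the size
            return max(rclass, 512)              # values below 512 count as 512
        off += 10 + rdlen
    return 512

def plan_response(query, response_len, clamp=CLAMP):
    """Return (limit, truncate): the UDP size limit and whether to set TC."""
    limit = min(advertised_udp_size(query), clamp)
    return limit, response_len > limit

def build_query(name, qtype, edns_size=None):
    """Constructed sample query, optionally carrying an OPT record."""
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        msg += b"\0" + struct.pack("!HHIH", 41, edns_size, 0x8000, 0)  # DO bit set
    return msg

if __name__ == "__main__":
    q = build_query("org.", 48, edns_size=4096)  # DNSKEY query, constructed
    print(plan_response(q, 1625))                # 1625 is an assumed response size
```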
