[dns-operations] [Ext] Verisign TLDs, some other servers may trim critical glue from very large referrals

Paul Vixie paul at redbarn.org
Fri Jan 4 16:53:29 UTC 2019

Viktor Dukhovni wrote:
> ...
> Separately, I agree that an EDNS buffer size of 512 seems unwise.
> Though 1280 might be a tad too big, because the IPv6 MTU, not the
> maximum payload size of a UDP datagram.  One needs to subtract the
> IP and IP header sizes.  My ad hoc estimate is 1280 - 64 = 1216.

1280 is the result of such subtraction, of may possible things, starting 
with an assumed end-system MTU of 1500. you don't have to subtract even 

however, 1280 symbolizes a one-sided negotiation with middle-box 
vendors, and is in my view most unwise. when something doesn't work, 
it's not always up to the server operator to find a workaround. if we 
don't want to wait 19 more years for IPv6 to be deployed (referring to 
the EDNS struggle) then we have to force the people who broke stuff like 
fragmentation to be the ones to fix what they broke -- not us.

P Vixie

More information about the dns-operations mailing list