[dns-operations] How .org name server handle large DNS response?

Florian Weimer fweimer at redhat.com
Mon Jan 14 10:39:08 UTC 2019


* Paul Vixie:

> Florian Weimer wrote:
>> ...
>>
>> I think nowadays, it should be possible to clamp the sending buffer size
>> to something like 1200 bytes (to leave some room for tunnels) and
>> configure the system so that it will never generate atomic fragments, ...
>
> i think that's the wrong approach. rather, we should alter the servers
> so that all udp responses and perhaps all tcp segments are
> fragmented.

Why would anyone want to do that?  Fragmentation is broken.

I might be somewhat sympathetic to the underlying goal if fragmentation
had any value whatsoever, but I just don't see that.

> let those who think they have deployed ipv6 but who don't
> permit fragmentation be the ones to do additional work -- not those
> whose implementations are compliant and interoperable.

DNS server deployments are probably the worst offenders in this area
because you *cannot* run a stateless IPv6 UDP server.  The protocol
simply does not allow it.  In the real world, this is a protocol design
error, and not a problem with server deployments.

Thanks,
Florian
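The clamp the reply argues for (advertise and enforce an EDNS(0) UDP payload size of about 1200 bytes, and answer with TC set so the client retries over TCP instead of relying on fragmented datagrams) can be shown end to end. The following is an added example, not code from the original post or from any name server: it builds a query carrying an OPT pseudo-RR, reads the size a client advertised, and applies a server-side clamp. The `fake_response` helper and the example.org query are constructed sample data; 1200 is the value from the thread, 512 is the classic RFC 1035 UDP limit used when no OPT RR is present.

```python
import struct

DNS_HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
OPT_TYPE = 41                           # EDNS(0) OPT pseudo-RR
EDNS_PAYLOAD_CLAMP = 1200               # clamp from the thread; stays under the 1280-byte IPv6 minimum MTU
CLASSIC_UDP_MAX = 512                   # RFC 1035 limit when the sender carries no OPT RR
FLAG_TC = 0x0200                        # truncation bit in the flags word


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_edns_query(qname, qtype=1, txid=0x1234, udp_payload=EDNS_PAYLOAD_CLAMP):
    """Query with RD set; udp_payload=None omits the OPT RR entirely (a pre-EDNS client)."""
    arcount = 0 if udp_payload is None else 1
    header = DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, TTL holds ext-rcode/version/flags
    opt = b"" if udp_payload is None else b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, 0)
    return header + question + opt


def skip_name(buf, off):
    """Return the offset just past a wire-format name (handles a compression pointer)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # two-byte pointer ends the name
            return off + 2
        off += 1 + length


def advertised_udp_size(msg):
    """UDP payload size the sender advertised via OPT, or 512 if it sent no OPT RR."""
    _, _, qd, an, ns, ar = DNS_HEADER.unpack_from(msg, 0)
    off = DNS_HEADER.size
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # name + QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return rclass
    return CLASSIC_UDP_MAX


def fit_udp_response(query, response, server_clamp=EDNS_PAYLOAD_CLAMP):
    """Apply min(client advertised size, server clamp). Returns (datagram, truncated?).

    When the full answer does not fit, send header + question with TC=1 so the
    client retries over TCP; no fragmented UDP datagram is ever emitted.
    """
    limit = min(advertised_udp_size(query), server_clamp)
    if len(response) <= limit:
        return response, False
    txid, flags, qd, _, _, _ = DNS_HEADER.unpack_from(response, 0)
    off = DNS_HEADER.size
    for _ in range(qd):
        off = skip_name(response, off) + 4
    truncated = DNS_HEADER.pack(txid, flags | FLAG_TC, qd, 0, 0, 0) + response[DNS_HEADER.size:off]
    return truncated, True


def fake_response(query, rdata_len):
    """Constructed sample answer: echoes the question and adds one TXT RR of rdata_len bytes."""
    txid, _, qd, _, _, _ = DNS_HEADER.unpack_from(query, 0)
    off = DNS_HEADER.size
    for _ in range(qd):
        off = skip_name(query, off) + 4
    question = query[DNS_HEADER.size:off]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, rdata_len) + b"x" * rdata_len
    return DNS_HEADER.pack(txid, 0x8180, 1, 1, 0, 0) + question + rr


if __name__ == "__main__":
    q = build_edns_query("example.org", udp_payload=4096)   # client asks for more than we allow
    for size in (100, 1500):
        dgram, tc = fit_udp_response(q, fake_response(q, size))
        print(f"answer rdata {size} bytes -> sent {len(dgram)} bytes, TC={tc}")
```

The client's 4096-byte advertisement is honoured only up to the server's own clamp, which is the point of the reply: the decision not to depend on fragmentation is made on the sending side, regardless of what the peer claims it can reassemble.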
