[dns-operations] How .org name server handle large DNS response?
Florian Weimer
fweimer at redhat.com
Mon Jan 14 10:39:08 UTC 2019
* Paul Vixie:
> Florian Weimer wrote:
>> ...
>>
>> I think nowadays, it should be possible to clamp the sending buffer size
>> to something like 1200 bytes (to leave some room for tunnels) and
>> configure the system so that it will never generate atomic fragments, ...
>
> i think that's the wrong approach. rather, we should alter the servers
> so that all udp responses and perhaps all tcp segments are
> fragmented.

Why would anyone want to do that? Fragmentation is broken.

I might be somewhat sympathetic to the underlying goal if fragmentation
had any value whatsoever, but I just don't see that.

> let those who think they have deployed ipv6 but who don't
> permit fragmentation be the ones to do additional work -- not those
> whose implementations are compliant and interoperable.

DNS server deployments are probably the worst offenders in this area
because you *cannot* run a stateless IPv6 UDP server. The protocol
simply does not allow it. In the real world, this is a protocol design
error, and not a problem with server deployments.

Thanks,
Florian
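
The 1200-byte clamp proposed in the quoted text, as an added example that is not part of the original post or of any DNS server's code: an oversized UDP response is cut to header plus question with TC set, so the client retries over TCP and the server never sends a datagram large enough to be fragmented. The names `fit_udp_response`, `udp_limit`, `question_end` and `make_sample` are hypothetical; as a simplification the OPT record is dropped from the truncated reply and compression pointers in the question name are rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define UDP_CLAMP   1200   /* figure from the post: leaves room for tunnels */
#define DNS_TC      0x02   /* TC bit within header byte 2 */

/* Effective UDP limit: client's EDNS size (0 = no OPT), floor 512, ceiling UDP_CLAMP. */
static size_t udp_limit(uint16_t edns_size) {
    size_t lim = edns_size < 512 ? 512 : edns_size;
    return lim > UDP_CLAMP ? UDP_CLAMP : lim;
}

/* Offset just past the question section, or 0 if malformed (pointers rejected). */
static size_t question_end(const uint8_t *msg, size_t len) {
    size_t off = DNS_HDR_LEN;
    unsigned qd = ((unsigned)msg[4] << 8) | msg[5];    /* QDCOUNT */
    while (qd--) {
        while (off < len && msg[off] != 0) {           /* walk the labels */
            if (msg[off] > 63) return 0;
            off += 1 + (size_t)msg[off];
        }
        if (off + 5 > len) return 0;                   /* root label + QTYPE + QCLASS */
        off += 5;
    }
    return off;
}

/* Returns the number of bytes to send over UDP, or 0 to drop a malformed message.
 * An oversized response is cut to header + question and marked truncated. */
size_t fit_udp_response(uint8_t *msg, size_t len, uint16_t edns_size) {
    if (len < DNS_HDR_LEN) return 0;
    size_t lim = udp_limit(edns_size);
    if (len <= lim) return len;                        /* fits: send unchanged */
    size_t qend = question_end(msg, len);
    if (qend == 0 || qend > lim) return 0;
    msg[2] |= DNS_TC;
    memset(msg + 6, 0, 6);                             /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    return qend;
}

/* Constructed sample: header + question "example.org A IN"; zero padding stands in for records. */
void make_sample(uint8_t *buf, size_t total) {
    static const uint8_t q[] = {0x12,0x34,0x84,0x00, 0,1, 0,1, 0,0, 0,0,
        7,'e','x','a','m','p','l','e', 3,'o','r','g', 0, 0,1, 0,1};
    memset(buf, 0, total);
    memcpy(buf, q, sizeof q);
}
```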