[dns-operations] How .org name server handle large DNS response?
fweimer at redhat.com
Mon Jan 14 10:39:08 UTC 2019
* Paul Vixie:

> Florian Weimer wrote:
>> I think nowadays, it should be possible to clamp the sending buffer size
>> to something like 1200 bytes (to leave some room for tunnels) and
>> configure the system so that it will never generate atomic fragments, ...

> i think that's the wrong approach. rather, we should alter the servers
> so that all udp responses and perhaps all tcp segments are

Why would anyone want to do that? Fragmentation is broken.

I might be somewhat sympathetic to the underlying goal if fragmentation
had any value whatsoever, but I just don't see that.

> let those who think they have deployed ipv6 but who don't
> permit fragmentation be the ones to do additional work -- not those
> whose implementations are compliant and interoperable.

DNS server deployments are probably the worst offenders in this area
because you *cannot* run a stateless IPv6 UDP server. The protocol
simply does not allow it. In the real world, this is a protocol design
error, and not a problem with server deployments.
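
An added illustration of the 1200-byte clamp mentioned in the quoted text above (not part of the original message, and not code from any DNS server): a response larger than the limit is replaced by its header and question with the TC bit set, so the client retries over TCP and no UDP fragment is ever sent. The function names and the sample message are constructed for this example, and the sketch assumes the limit is large enough to hold the header and question.

```python
import struct

MAX_UDP_PAYLOAD = 1200  # clamp suggested in the thread (leaves room for tunnels)
TC_BIT = 0x0200         # "truncated" flag in the DNS header

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length
    raise ValueError("name runs past end of message")

def clamp_response(msg, limit=MAX_UDP_PAYLOAD):
    """Return msg unchanged if it fits, else header + question with TC set.

    Simplification: an EDNS OPT record is dropped along with the other
    records; a real server would re-append it to the truncated reply.
    """
    if len(msg) <= limit:
        return msg
    ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS follow each name
    if off > len(msg):
        raise ValueError("question section runs past end of message")
    header = struct.pack("!6H", ident, flags | TC_BIT, qdcount, 0, 0, 0)
    return header + msg[12:off]

def build_sample(n_answers):
    """Constructed sample: TXT response for example.org, 200-byte strings."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, n_answers, 0, 0)
    question = b"\x07example\x03org\x00" + struct.pack("!2H", 16, 1)
    txt = bytes([200]) + b"x" * 200
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 300, len(txt)) + txt
    return header + question + rr * n_answers

if __name__ == "__main__":
    for n in (2, 8):
        original = build_sample(n)
        print(n, "answers:", len(original), "->", len(clamp_response(original)), "bytes")
```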