[dns-operations] How do .org name servers handle large DNS responses?
Paul Vixie
paul at redbarn.org
Mon Jan 14 16:32:02 UTC 2019
Florian Weimer wrote:
> * Paul Vixie:
> Why would anyone want to do that? Fragmentation is broken.
I think it was put into the spec for a reason, and should be fixed.
> I might be somewhat sympathetic to the underlying goal if fragmentation
> had any value whatsoever, but I just don't see that.
Fragmentation as defined for IPv6 required PMTUD. The goal of this dual
complexity was to avoid "always send 1500" or, worse, "always send 1280".
Some end networks don't permit the AH header because it's insecure; many
others don't permit ICMP6 because it's insecure.
Well, as someone once told me, ARP is insecure, but not all subnets have
one-bit or two-bit host fields. There are other ways to manage the risks
of insecure protocols than by blocking them at the firewall.
If ATM's 53-byte cell size was considered absurdly small at 155 Mbit/sec,
then 1500-byte packets at 100 Mbit/sec is even more so.
A well-engineered network would let me run jumbograms on my end-LAN and
would take advantage of whatever PMTU the WAN could support.
If the only way v6 can be deployed is by throwing away every new feature
it had except address size, then we're doing this all wrong.
--
P Vixie
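The thread is about what happens to a large DNS response once it exceeds what the UDP path can carry. The following is an added example, not code from the original post or from any .org operator: a stdlib-only Python probe that builds an EDNS0 query advertising a chosen UDP payload size, parses the reply (TC bit and the responder's OPT size), and classifies how a response of a given length is delivered over IPv6: truncated (TC=1, client retries over TCP), fragmented (depends on PMTUD and fragment delivery, the failure mode discussed above), or unfragmented. The 1232-byte default is an assumption taken from the common "fit in a 1280-byte IPv6 minimum MTU minus 48 bytes of headers" rule, not a figure from the thread; the server address and name are supplied on the command line.

```python
"""EDNS0 buffer-size probe and IPv6 delivery classifier (added example)."""
import random
import socket
import struct
import sys
from typing import Optional

IPV6_HDR_LEN = 40
UDP_HDR_LEN = 8
IPV6_MIN_MTU = 1280          # every IPv6 link must carry at least this
TYPE_OPT = 41                # EDNS0 OPT pseudo-RR
# Assumed default: largest UDP payload that fits a 1280-byte IPv6 packet
# (1280 - 40 IPv6 header - 8 UDP header); not taken from the thread.
DEFAULT_UDP_SIZE = IPV6_MIN_MTU - IPV6_HDR_LEN - UDP_HDR_LEN   # 1232


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: int = 1, udp_size: int = DEFAULT_UDP_SIZE,
                do_bit: bool = True, txid: Optional[int] = None) -> bytes:
    """One question plus an EDNS0 OPT RR advertising udp_size (RD set)."""
    if txid is None:
        txid = random.getrandbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=requestor's UDP payload size,
    # TTL field = ext-rcode | version | DO bit + Z, RDLEN=0 (no options).
    ttl = 0x8000 if do_bit else 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, ttl, 0)
    return header + question + opt


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) wire name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_message(msg: bytes) -> dict:
    """Header fields plus the EDNS0 UDP size found in the RR sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4     # QTYPE + QCLASS
    udp_size = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            udp_size = rclass              # CLASS carries the payload size
        off += 10 + rdlen
    return {"id": txid, "tc": bool(flags & 0x0200), "rcode": flags & 0xF,
            "ancount": an, "edns_udp_size": udp_size}


def classify_delivery(response_len: int, client_udp_size: int,
                      path_mtu: int = IPV6_MIN_MTU) -> str:
    """How a UDP/IPv6 response of response_len bytes reaches the client."""
    if response_len > client_udp_size:
        return "truncated"       # server sets TC=1; client must retry over TCP
    if response_len + IPV6_HDR_LEN + UDP_HDR_LEN > path_mtu:
        return "fragmented"      # relies on PMTUD/ICMPv6 and fragment delivery
    return "unfragmented"


def probe(server: str, qname: str, udp_size: int, qtype: int = 1,
          timeout: float = 2.0) -> dict:
    """Send one query over UDP and report TC bit and wire size (does I/O)."""
    query = build_query(qname, qtype, udp_size)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(65535)
    info = parse_message(data)
    info["size"] = len(data)
    info["delivery"] = classify_delivery(len(data), udp_size)
    return info


if __name__ == "__main__":
    # usage: python probe.py <server-ip> <name> [qtype]
    srv, name = sys.argv[1], sys.argv[2]
    qt = int(sys.argv[3]) if len(sys.argv) > 3 else 1
    for size in (512, DEFAULT_UDP_SIZE, 4096):
        print(size, probe(srv, name, size, qt))
```

Running the probe with several advertised sizes against one server shows the trade-off in the post directly: a small buffer forces TC=1 and a TCP retry, a large one lets the server emit a response that only arrives if fragments and PMTUD work end to end. A reply that times out at 4096 but succeeds at 1232 is the classic signature of fragments being dropped on the path.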