[dns-operations] DNS flag day 2020: Recommended EDNS buffer size discussion

Joelle Maslak jmaslak at antelope.net
Mon Sep 2 19:05:41 UTC 2019

I've used 1200 as well at a previous job with no issue for years (and it
was a big enough deployment if there were issues, they would have been
noticed).  I do not recommend sending fragmented IPv6 packets (as suggested
elsewhere on this thread), as too many people block fragments on IPv6.

I'm not commenting on whether or not this should be a flag day, just that I
have a lot of experience with 1200 at scale and it seems to work fine.  My
gut tells me 1220 would be fine too, I picked 1200 because I knew it was
safe even if I counted slightly wrong.  :)

On Mon, Sep 2, 2019 at 1:25 AM Florian Weimer <fweimer at redhat.com> wrote:

> * Jerry Lundström:
> > Hi all,
> >
> > I have opened an issue that will serve as a public, open to all,
> > discussion forum for what the recommended EDNS buffer size should be
> > for DNS Flag Day 2020.
> >
> >   <https://github.com/dns-violations/dnsflagday/issues/125>
> >
> >> Please note that the exact recommended EDNS buffer sizes have not been
> agreed upon, the current ballpark around 1200 (1220, 1232, …) is to limit
> the risk of fragmentation in IPv6.
> >
> > Note that most of the text on dnsflagday.net mentions 1220 bytes.
> I personally have used 1200 bytes, but I can switch to 1220 if that's
> the consensus.  Previously, the consensus was that fragments were good
> for the network (which I found rather odd).
> > Please feel free to voice your opinion!
> What about generating atomic fragments by default, to support stateless
> IPv6 UDP service?  Or not generating atomic fragments under any
> circumstances?  Would that be a separate discussion?
> Thanks,
> Florian
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190902/f13b478e/attachment.html>

More information about the dns-operations mailing list