[dns-operations] DNS flag day 2020: Recommended EDNS buffer size discussion

Lee ler762 at gmail.com
Mon Sep 2 23:26:47 UTC 2019

On 9/2/19, Paul Vixie <paul at redbarn.org> wrote:
> On Monday, 2 September 2019 20:41:55 UTC Lee wrote:
>> On 9/2/19, Paul Vixie <paul at redbarn.org> wrote:
>> > On Monday, 2 September 2019 17:31:50 UTC Lee wrote:
>> >> I think tcp mss working as well as it does is because the mss is
>> >> negotiated at connection setup time (syn, syn+ack option tcp mss
>> >> size).
>> >
>> > no.
>> Are we arguing definitions?
> perhaps.
>> Source sends a SYN with the tcp mss option set to 1460, destination
>> responds with a SYN+ACK with the tcp mss option set to 1280, both
>> sides use an mss of 1280.  Which sounds like a negotiation to me..
> neither side will transmit a larger segment than their PMTU indicates, nor
> larger than the far end's MSS offer indicates. so it amounts to the same
> outcome as you describe. as shown in RFC 6691, there are other reasons for
> sending even-smaller segments in some cases, which are per-segment and per-
> sender and which are neither visible nor relevant to the far end. so, i have
> always treated MSS as an advertised maximum, not an agreed limit.
>> > and it proceeds from local
>> > knowledge of the path MTU like the routing table or the sysctl
>> > definitions
>> > set by a sysadmin. generally speaking path MTU discovery does not work
>> Right - generally speaking path MTU discovery does not work.  So when
>> setting up ipsec tunnels between routers I'd also configure ip tcp
>> adjust-mss to lower the offered mss on traffic going through the
>> tunnel & have everything work.
> as we all do.
>> I never did figure out how to automatically fix udp traffic.  So I'm
>> not understanding how your suggestion to use what works for tcp is
>> applicable to udp.
> here's the text from RFC 2923 which applies:
>> While Path MTU Discovery (PMTUD) can be used with any upper-layer
>> protocol, it is most commonly used by TCP;  this document does not
>> attempt to treat problems encountered by other upper-layer protocols.
> see also this text from RFC 1122:
>> However, in general the TCP layer may not have the
>> appropriate information to make this decision, so it is
>> preferable to leave to the IP layer the task of
>> determining a suitable MTU for the Internet path.  We
>> therefore recommend that TCP always send the option (if
>> not 536) and that the IP layer determine MMS_R as
>> specified in 3.3.3 and 3.4.  A proposed IP-layer
>> mechanism to measure the MTU would then modify the IP
>> layer without changing TCP.
> the final sentence is, to me, the key to the future of PMTUD(6).

I thought we both agreed that path mtu discovery couldn't be relied
on, but whatever..

> and to state
> again for the record, i am not asking the DNS community to take that on.

I was wondering.  It wasn't clear exactly what you were asking for.

> what
> i am asking is that any standard we write be future-proof in the sense that
> whatever "practical maximum" is chosen (1200, or similar) be described in
> the context of "unless better information is available".

I think I understand now.  "unless better information is available"
sounds reasonable enough


More information about the dns-operations mailing list