[dns-operations] For darpa.mil, EDNS buffer == 1232 is *too small*. :-(

Brian Somers bsomers at opendns.com
Mon Apr 20 19:52:49 UTC 2020

On Apr 18, 2020, at 9:39 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> Is there any new information on whether something closer to 1400 is
> generally safe also for IPv6?

At Cisco we allow up to 1410 bytes upstream and drop fragments.  We prefer IPv6
addresses when talking to authorities.  We’ve been doing this for years (except for
a period between Feb 2019 and Aug 2019).  Zero customer complaints.

Policy-free addresses are:
If you want to experiment.


More information about the dns-operations mailing list