[dns-operations] FlagDay 2020 UDP Size

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Aug 5 17:49:22 UTC 2020

On Tue, Aug 04, 2020 at 11:51:17PM +0100, Tony Finch wrote:

> Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> > What I haven't seen reported is measurements of problems that occur when
> > the EDNS(0) UDP buffer size is *too small*.
> A full service resolver should not have a fixed buffer size but instead
> probe for what works. They pretty much already do so. There remains some
> question about what their upper limit should be; it seems reasonable to me
> to grow up to a 1500 octet MTU but no bigger.

In any case my take-away is that fine-tuning of the UDP buffer size is
best done by clients, whether it is then static or dynamic is a separate

> The tricky balance is the UDP response size limit on the auth side, which
> can't be adaptive, and probably needs to be a bit more pessimistic than
> a 1500 octet MTU.

And that servers (whether recursive or auth) should have somewhat more
generous buffer sizes to allow better-connected clients to get the
responses that work for their network path to the server, unless the
server is known to be in some corner of the network where UDP fragment
sizes need to be artificially capped below the typical values.

Thus perhaps something closer to a default of 1460 bytes for both IPv4
and IPv6 on the server, and appropriately smaller values on clients,
per the various studies, but taking into account that values that
are too small also cause problems.

