[dns-operations] TCP Re: FlagDay 2020 UDP Size (ofda.gov breakage)

Viktor Dukhovni ietf-dane at dukhovni.org
Sat Aug 8 05:59:51 UTC 2020

On Fri, Aug 07, 2020 at 10:07:04PM -0700, Fred Morris wrote:

> TLDR: Although DNS servers are supposed to support TCP, it is almost never 
> utilized in practice unless a UDP response is first received with TC=1, 
> and fragmentation exacerbates this.


> On Sat, 8 Aug 2020, Viktor Dukhovni wrote:
> > [...] So, while TCP actually works if used directly, there is
> > no TCP fallback since no UDP packets are returned with TC=1. :-(

And in this case, ironically setting a no longer recommended EDNS(0)
buffer size in excess of 1562 bytes, makes it work.  Until more
operators converge on reliable configurations, we have a situation in
which no choice of buffer size can be expected to interoperate across
the board.

Perhaps what could be helpful is a well-defined MTI buffer size (one for
IPv4 and another for IPv6?), that everyone is expected to be able to
support as a last resort.  Thus when queries time out with a default
buffer size of ~1400+ bytes, one might fall back to something closer to
1200 or 1300 (perhaps depending on IPv4 vs. IPv6), and reasonably
expect that to work.


More information about the dns-operations mailing list