[dns-operations] TCP Re: FlagDay 2020 UDP Size (ofda.gov breakage)
Viktor Dukhovni
ietf-dane at dukhovni.org
Sat Aug 8 05:59:51 UTC 2020
On Fri, Aug 07, 2020 at 10:07:04PM -0700, Fred Morris wrote:
> TLDR: Although DNS servers are supposed to support TCP, it is almost never
> utilized in practice unless a UDP response is first received with TC=1,
> and fragmentation exacerbates this.
Correct.
> On Sat, 8 Aug 2020, Viktor Dukhovni wrote:
> > [...] So, while TCP actually works if used directly, there is
> > no TCP fallback since no UDP packets are returned with TC=1. :-(
And in this case, ironically, setting a no-longer-recommended EDNS(0)
buffer size in excess of 1562 bytes makes it work. Until more
operators converge on reliable configurations, we have a situation in
which no choice of buffer size can be expected to interoperate across
the board.
Perhaps what could be helpful is a well-defined MTI buffer size (one for
IPv4 and another for IPv6?), that everyone is expected to be able to
support as a last resort. Thus when queries time out with a default
buffer size of ~1400+ bytes, one might fall back to something closer to
1200 or 1300 (perhaps depending on IPv4 vs. IPv6), and reasonably
expect that to work.
--
Viktor.
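The fallback ladder sketched above (retry UDP with a smaller EDNS(0) buffer size after a timeout, go to TCP on TC=1, and as a last resort try TCP directly since it works when actually used), written out as an added example that is not part of the thread. The `fallback_ladder`, `make_server` and `Answer` names, the buffer sizes and the simulated path are all constructed here; the fake server stands in for a real authoritative path and never touches the network.

```python
from dataclasses import dataclass

@dataclass
class Answer:
    payload: bytes
    tc: bool      # truncation bit from the UDP response
    via: str      # "udp" or "tcp"

def fallback_ladder(send, sizes=(4096, 1400, 1232)):
    """Try UDP with decreasing advertised EDNS(0) buffer sizes.
    A TC=1 reply or exhausting the ladder ends in a direct TCP query.
    `send(bufsize, tcp)` returns an Answer or raises TimeoutError.
    Returns (answer, list of (size, outcome) attempts) for inspection."""
    attempts = []
    for size in sizes:
        try:
            ans = send(size, tcp=False)
        except TimeoutError:          # fragments lost, nothing came back
            attempts.append((size, "timeout"))
            continue
        if ans.tc:                    # server asked us to retry over TCP
            attempts.append((size, "tc=1"))
            break
        attempts.append((size, "ok"))
        return ans, attempts
    # Last resort: TCP directly, without waiting for a TC=1 hint.
    ans = send(0, tcp=True)
    attempts.append(("tcp", "ok"))
    return ans, attempts

def make_server(response_len, path_mtu=1500, sets_tc=True):
    """Constructed fake server/path (not a real resolver): over TCP the
    full answer always arrives; over UDP an answer larger than the
    advertised buffer is truncated with TC=1 when the server honours the
    buffer size, and an answer larger than the path MTU is fragmented and
    the fragments are silently dropped (modelled as a timeout)."""
    full = b"A" * response_len
    def send(bufsize, tcp):
        if tcp:
            return Answer(full, False, "tcp")
        if sets_tc and response_len > bufsize:
            return Answer(full[:bufsize], True, "udp")
        if response_len > path_mtu:
            raise TimeoutError("fragments black-holed")
        return Answer(full, False, "udp")
    return send
```

With a 1800-byte answer behind a 1500-byte path MTU, the 4096 attempt times out, the 1400 attempt gets TC=1, and TCP completes it; a server that never sets TC=1 exhausts the ladder and is only rescued by the direct TCP attempt.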