[dns-operations] DNS flag day 2020 update

Paul Vixie paul at redbarn.org
Wed Mar 25 08:27:06 UTC 2020

On Wednesday, 25 March 2020 07:41:51 UTC Petr Špaček wrote:
> Hello DNS operators!
> ... 
> Are you a DNS vendor, operator, firewall vendor or service provider and want
> to improve on DNS resilience?


> Then ready our guidelines on "Message Size Considerations" for EDNS [3] to
> reduce or even avoid fragmentation of the DNS and please allow DNS over
> TCP!
> [3] https://dnsflagday.net/2020/#message-size-considerations

from [3]:

"An EDNS buffer size of 1232 bytes will avoid fragmentation on nearly all 
current networks. This is based on an MTU of 1280, which is required by the 
IPv6 specification, minus 48 bytes for the IPv6 and UDP headers."

many of us are successfully using 1400 or larger. the MTU value of 1280 that 
this calculation is based on, was arbitrarily chosen in the IPv6 
specification, and no real network operates with this limit. the 48 byte 
subtrahend was arbitrarily chosen without leaving room for IP6 options. this 
never matters for TCP because TCP knows the size of the IP6 options that will 
be used. this in turn never matters because the internet's effective MTU is 

a less-arbitrary value would be better. those of us using 1400 do so because 
we want to leave room for IP6 options as well as tunnel overhead.

please reconsider the further use of the number 1280, which was made 
deliberately small because of the unrealistic expectation that all IP6 flows 
would be governed by PMTUD. no real network today operates with this MTU size.


More information about the dns-operations mailing list