[dns-operations] DNS flag day 2020 update
Paul Vixie
paul at redbarn.org
Wed Mar 25 08:27:06 UTC 2020
On Wednesday, 25 March 2020 07:41:51 UTC Petr Špaček wrote:
> Hello DNS operators!
>
> ...
>
> Are you a DNS vendor, operator, firewall vendor or service provider and want
> to improve on DNS resilience?

yes.

> Then read our guidelines on "Message Size Considerations" for EDNS [3] to
> reduce or even avoid fragmentation of the DNS and please allow DNS over
> TCP!
>
> [3] https://dnsflagday.net/2020/#message-size-considerations

from [3]:

"An EDNS buffer size of 1232 bytes will avoid fragmentation on nearly all
current networks. This is based on an MTU of 1280, which is required by the
IPv6 specification, minus 48 bytes for the IPv6 and UDP headers."

many of us are successfully using 1400 or larger. the MTU value of 1280 that
this calculation is based on, was arbitrarily chosen in the IPv6
specification, and no real network operates with this limit. the 48 byte
subtrahend was arbitrarily chosen without leaving room for IP6 options. this
never matters for TCP because TCP knows the size of the IP6 options that will
be used. this in turn never matters because the internet's effective MTU is
~1500.

a less-arbitrary value would be better. those of us using 1400 do so because
we want to leave room for IP6 options as well as tunnel overhead.

please reconsider the further use of the number 1280, which was made
deliberately small because of the unrealistic expectation that all IP6 flows
would be governed by PMTUD. no real network today operates with this MTU size.

--
Paul
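
The sizes discussed in this message, as an added example that is not part of the original post or of the dnsflagday.net guidance: it builds a query with an EDNS OPT record, reads back the advertised buffer size, and computes how many bytes remain in a single IPv6 packet for a given path MTU. The query name, message ID and the `extra` overhead values (extension headers, tunnel encapsulation) are constructed assumptions.

```python
import struct

IPV6_HDR, UDP_HDR = 40, 8   # the 48 bytes subtracted in the quoted guideline
OPT_TYPE = 41               # EDNS(0) OPT pseudo-RR type (RFC 6891)

def build_query(qname, bufsize, qtype=1):
    """Build a DNS query whose OPT RR advertises `bufsize` as the UDP payload size."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.strip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner name, TYPE 41, CLASS carries the buffer size, TTL 0, RDLENGTH 0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT_TYPE, bufsize, 0, 0)

def _skip_name(msg, off):
    """Return the offset just past the domain name starting at `off`."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def advertised_bufsize(msg):
    """Return the EDNS buffer size a message advertises; 512 when there is no OPT RR."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return max(rclass, 512)             # RFC 6891: values below 512 are treated as 512
        off += 10 + rdlen
    return 512

def headroom(bufsize, path_mtu, extra=0):
    """Bytes left in one IPv6 packet after a response that fills `bufsize`.
    `extra` is extension-header or tunnel overhead; a negative result means fragmentation."""
    return path_mtu - (bufsize + UDP_HDR + IPV6_HDR + extra)

if __name__ == "__main__":
    # Constructed cases: (buffer size, path MTU, extra overhead in bytes)
    for size, mtu, extra in [(1232, 1280, 0), (1232, 1280, 8), (1400, 1500, 0), (1400, 1500, 60)]:
        size = advertised_bufsize(build_query("example.com", size))
        print(f"bufsize={size} mtu={mtu} extra={extra} headroom={headroom(size, mtu, extra)}")
```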