[dns-operations] DNS Flag Day 2020 will become effective on 2020-10-01

Ralf Weber dns at fl1ger.de
Fri Sep 11 14:46:43 UTC 2020


Moin!

On 11 Sep 2020, at 10:29, Viktor Dukhovni wrote:

> Paul is not arguing against avoiding fragmentation, IIRC his name is on
> a draft recommending fragmentation avoidance.  So I think the issue is
> really about which numbers to go with.
I think nobody is thinking that. We do have an agreement that fragmentation
does not work and thus we must make sure to not send packets that will
fragment. The whole discussion is about picking a default number.

> While 1232 is in the ballpark, it may be too conservative, the case for
> 1232 rather than perhaps say 1400 didn't look that compelling.  For most
> users the larger number is also fine, and sometimes even avoids (notably
> rare) problems where a larger value works, but the smaller does not.
I recall an incident where an auth server was accepting a maximum size
around 700 bytes, and we could not resolve it as at that time our default
size was 4000. However, some other resolver software could resolve it as it
was advertising a 512-byte EDNS0 buffer in those circumstances. These
are the workarounds we want to get rid of as a vendor and operator of
DNS resolver software. As an operator or vendor you will get calls/tickets
when your software cannot resolve something and other software can, and
the consensus of the major resolver software vendors is to use 1232 as
the default EDNS0 buffer size.

Most if not all software still will have a switch where you can make it
bigger or smaller. The only benefit of having a larger size is fewer
switches to TCP, and the impact of this is way smaller than the impact of
DoH and DoT also coming to authoritative servers.

So I still think 1232 is a good default number, and rather than fighting
over a few bytes the DNS community should work on other stuff.

So long
-Ralf
--
Ralf Weber
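The mechanics behind the number under discussion, as an added example that is not part of Ralf's message or of any resolver vendor's code: 1232 is what remains of the 1280-byte IPv6 minimum MTU after the 40-byte IPv6 header and 8-byte UDP header, so a response of that size never needs fragmentation on an IPv6 path. The code builds a query carrying an EDNS0 OPT record with that advertised buffer size (RFC 6891 wire format), reads the advertised size back out of a message, and shows the "switch to TCP" decision that a resolver makes when an authoritative server sets the TC bit instead of fragmenting. All names and the constructed response are illustrative; nothing here talks to the network.

```python
import struct

# Constants used to derive the 1232-byte figure (IPv6 minimum MTU minus headers).
IPV6_MIN_MTU = 1280
IPV6_HEADER_LEN = 40
UDP_HEADER_LEN = 8
TYPE_OPT = 41          # EDNS0 OPT pseudo-RR type, RFC 6891
TC_FLAG = 0x0200       # "truncated" bit in the DNS header flags
NO_EDNS_DEFAULT = 512  # payload limit assumed when no OPT RR is present


def safe_edns_payload(mtu=IPV6_MIN_MTU):
    """Largest UDP payload that fits one packet at the given MTU (1232 for IPv6 minimum)."""
    return mtu - IPV6_HEADER_LEN - UDP_HEADER_LEN


def encode_name(name):
    """Encode a dotted hostname as DNS wire labels, terminated by the root label."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def build_query(name, qtype, edns_size, txid=0x1234, do_bit=True):
    """Build a DNS query with one question and an OPT RR advertising edns_size."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS=advertised UDP payload size,
    # TTL field = ext-rcode(0) | version(0) | flags (DO bit 0x8000), RDLENGTH=0.
    ttl_field = 0x8000 if do_bit else 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, ttl_field, 0)
    return header + question + opt


def skip_name(msg, off):
    """Return the offset just past a wire-format name (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def advertised_udp_size(msg):
    """UDP payload size from the message's OPT RR, or 512 when there is no EDNS0."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass                      # CLASS carries the payload size
        off += 10 + rdlen
    return NO_EDNS_DEFAULT


def is_truncated(msg):
    """True when the responder set TC, i.e. the answer did not fit the advertised size."""
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & TC_FLAG)


def next_transport(response):
    """The resolver's decision the text refers to: retry over TCP on a truncated reply."""
    return "tcp" if is_truncated(response) else "udp"


def build_truncated_response(query):
    """Constructed sample: a responder echoing the question with QR|TC|RD|RA set and no records."""
    qend = skip_name(query, 12) + 4
    return query[:2] + struct.pack("!HHHHH", 0x8380, 1, 0, 0, 0) + query[12:qend]


if __name__ == "__main__":
    q = build_query("example.com", 1, safe_edns_payload())   # placeholder name
    print("advertising", advertised_udp_size(q), "bytes")
    print("retry via", next_transport(build_truncated_response(q)))
```

Lowering the advertised size from 4000 to 1232 changes nothing about what a resolver can learn, only where the boundary between a single UDP datagram and a TCP retry sits; a responder that honours the OPT CLASS value will set TC rather than emit a fragmenting datagram, which is the behaviour the flag day relies on.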


