[dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01
Mark Andrews
marka at isc.org
Wed Sep 16 22:16:53 UTC 2020
> On 17 Sep 2020, at 00:16, Jeremy Harris <jgh at wizmail.org> wrote:
>
> On 16/09/2020 09:11, Mark Andrews wrote:
>> There are a number of issues.
>
>> Stupid firewalls that block PTB messages. Solution, fragment at network MTU.
>
> Let me rephrase that for you: "Solution, fragment at network MTU (a
> value that you cannot efficiently discover).”
I meant what I said and you immature reply is not appreciated.
Well for IPv6 you do know that number (1280) and there are even setsockopt values
that you can use to do that. You can even do this on a per packet basis using sendmsg().
static void
use_min_mtu(isc__socket_t *sock) {
#if !defined(IPV6_USE_MIN_MTU) && !defined(IPV6_MTU)
UNUSED(sock);
#endif /* if !defined(IPV6_USE_MIN_MTU) && !defined(IPV6_MTU) */
#ifdef IPV6_USE_MIN_MTU
/* use minimum MTU */
if (sock->pf == AF_INET6) {
int on = 1;
(void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
(void *)&on, sizeof(on));
}
#endif /* ifdef IPV6_USE_MIN_MTU */
#if defined(IPV6_MTU)
/*
* Use minimum MTU on IPv6 sockets.
*/
if (sock->pf == AF_INET6) {
int mtu = 1280;
(void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_MTU, &mtu,
sizeof(mtu));
}
#endif /* if defined(IPV6_MTU) */
}
For IPv4 you just ensure that the do not fragment bit is turned off in the IPv4 header and
avoid PMTUD problems that way.
> --
> Cheers,
> Jeremy
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list