* Stephane Bortzmeyer:
> The future RFC 6864, currently in AUTH48 state, talks about the
> unicity of the ID (datagram identifier) field for IPv4. Its section
> 5.2 is of interest to us: basically, it says that senders of
> "non-atomic packets" (a non-atomic packet is an IPv4 packet which is
> fragmented or will possibly be, since it has no DF bit: unlike an HTTP
> server, the traffic of a DNS server is typically mostly made of
> non-atomic packets) MUST rate-limit such packets to enforce the old
> (RFC 791) rule that ID must be unique for the duration of a packet in
> the network (typically two minutes, a number I've always found very
> high).
A typical initial TTL is 64, so the packet lives for at most 64
seconds. (Originally, the TTL was measured in seconds, and decremented
by at least 1 at every hop.)
> Is there a practical consequence for us?
Strictly speaking, it forbids stateless authoritative servers because
counters for rate limiting have to be recorded somewhere.
> My first guess is No since the unicity is only per couple {src,
> dest} and there is no chance a DNS server will have to send more
> than 6.4 Mbps to a given destination (6.4 is the maximum throughput
> with a 1500 B MTU with the ID unicity limit).
1000 responses per second doesn't seem that much, though.
(Fortunately, IPv6 comes with a 32 bit fragment ID...)
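To make the thread's arithmetic concrete, here is an added example (mine, not code from either poster): it computes the per-destination limit that a 16-bit ID field and a 120-second maximum datagram lifetime impose (about 546 non-atomic datagrams per second, or about 6.55 Mbit/s at a 1500-byte MTU, close to the 6.4 Mbit/s figure quoted above), and it models the bookkeeping a compliant sender needs. The `IdAllocator` class and the `simulate_burst` helper are hypothetical, and the addresses in the simulation are constructed; the point of the allocator is that it must remember allocation times per {src, dst, protocol}, which is exactly the state a stateless authoritative server does not have.

```python
from collections import deque

ID_SPACE = 1 << 16          # 16-bit IPv4 Identification field
MDL_SECONDS = 120           # maximum datagram lifetime assumed in the thread (RFC 791: 2 minutes)
MTU_BYTES = 1500


def max_nonatomic_rate(mdl=MDL_SECONDS):
    """Non-atomic datagrams per second to one {src, dst, protocol} tuple
    without reusing an ID inside the MDL window (~546 at MDL = 120 s)."""
    return ID_SPACE / mdl


def max_throughput_mbps(mtu=MTU_BYTES, mdl=MDL_SECONDS):
    """The same limit expressed in Mbit/s when every datagram fills the MTU."""
    return max_nonatomic_rate(mdl) * mtu * 8 / 1e6


class IdAllocator:
    """Stateful ID allocator (hypothetical helper): hands out sequential IDs
    per destination tuple and refuses to send a datagram whose ID would
    repeat one that may still be alive in the network."""

    def __init__(self, mdl=MDL_SECONDS):
        self.mdl = mdl
        # key -> [next_id, deque of allocation timestamps, oldest first]
        self._state = {}

    def allocate(self, key, now):
        """Return an ID for a datagram to `key` sent at time `now`, or None
        if sending it now would violate the uniqueness rule."""
        entry = self._state.setdefault(key, [0, deque()])
        next_id, stamps = entry
        # Forget allocations whose datagram is guaranteed to have expired.
        while stamps and stamps[0] + self.mdl <= now:
            stamps.popleft()
        # IDs are sequential, so ID_SPACE allocations inside the window
        # means the next one would reuse the oldest still-live ID.
        if len(stamps) >= ID_SPACE:
            return None
        stamps.append(now)
        entry[0] = (next_id + 1) % ID_SPACE
        return next_id


def simulate_burst(pps, seconds, mdl=MDL_SECONDS):
    """Send `pps` datagrams per second to one destination for `seconds`
    seconds and return how many the rate limit would hold back."""
    alloc = IdAllocator(mdl)
    # Constructed sample tuple: authoritative server -> resolver, UDP (17).
    key = ("192.0.2.53", "198.51.100.7", 17)
    held = 0
    for i in range(pps * seconds):
        now = i / pps
        if alloc.allocate(key, now) is None:
            held += 1
    return held


if __name__ == "__main__":
    print(f"limit: {max_nonatomic_rate():.1f} datagrams/s, "
          f"{max_throughput_mbps():.2f} Mbit/s at {MTU_BYTES} B MTU")
    print("1000 responses/s for 120 s to one resolver, held back:",
          simulate_burst(1000, 120))
    print("500 responses/s for 120 s to one resolver, held back:",
          simulate_burst(500, 120))
```

Running it shows the asymmetry the reply points at: 500 responses per second to a single destination stays within the ID space, while 1000 per second exhausts the 65536 IDs after roughly 65 seconds and the sender must delay or drop everything after that until the oldest IDs age out.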
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations