In message <[email protected]>, Tony Finch writes:
> Florian Weimer <[email protected]> wrote:
> >
> > I think you still can't serve UDP over IPv6 without per-client state,
> > keeping both full RFC conformance and interoperability with the
> > existing client population. Pre-fragmentation to 1280 or so bytes
> > isn't enough, you also have to generate atomic fragments.
>
> Or don't fragment and restrict the EDNS buffer size to 1280. I'm somewhat
> amazed that DNS-over-fragmented-UDP works as well as it does. See also
> https://www.usenix.org/conference/lisa12/dnssec-what-every-sysadmin-should-be-doing-keep-things-working

Which just moves the PMTUD problem to TCP, which I can assure you is also
a problem. Some of the ORG servers are configured like this and, guess
what, it does not work well.

Named now sets IPV6_USE_MIN_MTU to 1 on TCP sockets to avoid this as well.
In theory this should impact on the MSS negotiation and the MTU for the
connection has been reduced to 1280. Apple and FreeBSD (at least) get this
wrong. Bug reports have been filed with both vendors as well as a kernel
patch for FreeBSD. In practice it results in fragmented TCP packets being
sent but at least you avoid PMTUD one way.

> Tony.
> --
> f.anthony.n.finch <[email protected]> http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
