These are sizes (and counts) of first fragments that are smaller than 1280 bytes from data collected on .CZ nameservers on 20130901.
IPv4 size 001248: 0001 IPv4 size 001248: 0001 IPv4 size 001240: 0001 IPv4 size 001160: 0004 IPv4 size 001144: 0002 IPv4 size 001112: 0001 IPv4 size 001112: 0001 IPv4 size 001064: 0002 IPv4 size 001000: 0001 IPv4 size 000960: 0001 IPv4 size 000960: 0001 IPv4 size 000960: 0001 IPv4 size 000960: 0001 IPv4 size 000960: 0001 IPv4 size 000960: 0001 IPv4 size 000736: 0001 IPv4 size 000560: 0001 IPv4 size 000512: 0001 IPv4 size 000192: 0002 IPv4 size 000120: 0001 e.g 26 occurences. I think it should be quite safe to cap the maximum EDNS0 to 1280 (the minimum IPv6 MTU) and set DF flag in all responses. What do you think? JFTR for the cap 1400 this would hit 359 queries. (Still a very small number) O. -- Ondřej Surý -- Chief Science Officer ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:[email protected] http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
