Hello.

On 2/26/20 11:51 PM, Brian Somers wrote:
> - Servers (nameservers or resolvers) do their best to reply as asked
>
>   The client wants the data and can decide on what risk the chosen
>   bufsize implies in their environment. Servers can apply practical
>   limits to bufsize to avoid large buffers or huge amplifications
>   etc.

The client can limit the bufsize, but *if* something close to the client is obstructing fragments (say in ISP's network), I believe this DNS client typically isn't clever enough to "know/notice" and directly request smaller bufsize. The RFC recommended default 4096, so it's not surprising to often see that in practice. Here I think it will actually help the reliability if the server caps the bufsize under 1.5k even if its client signals that it can handle more.

Incidentally, I think that never sending RRSIGs in answers considerably reduces the probability of fragmentation happening in real-life cases :-)

--Vladimir
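
The server-side cap discussed in this message, as an added example that is not part of the original post or of any particular server's code: it reads the bufsize a client advertises in its EDNS0 OPT record and clamps it before deciding whether a UDP answer must be truncated. The cap of 1232 bytes is an assumed value (the message only says "under 1.5k"), and all function names and the sample query are constructed for illustration.

```python
import struct

SERVER_CAP = 1232  # assumed value; the message only asks for a cap "under 1.5k"
OPT = 41           # EDNS0 OPT pseudo-RR type (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past the DNS name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def advertised_bufsize(query):
    """UDP payload size from the query's OPT record, or None without EDNS."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", query, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4            # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        if rtype == OPT:
            return rclass                          # CLASS field carries the bufsize
        off += 10 + rdlen
    return None

def effective_limit(query, cap=SERVER_CAP):
    """Largest UDP answer the server will send for this query."""
    adv = advertised_bufsize(query)
    if adv is None:
        return 512                                 # plain DNS over UDP
    return min(max(adv, 512), cap)                 # RFC 6891: below 512 means 512

def must_truncate(query, response_len, cap=SERVER_CAP):
    """True when the server should set TC so the client retries over TCP."""
    return response_len > effective_limit(query, cap)

def build_query(bufsize=None):
    """Constructed sample: 'example.com. IN A', optionally with an OPT record."""
    qname = b"\x07example\x03com\x00"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0 if bufsize is None else 1)
    msg += qname + struct.pack("!HH", 1, 1)
    if bufsize is not None:
        msg += b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0, 0)
    return msg
```

With the cap in place, a 1400-byte answer to a client advertising 4096 is sent truncated and retried over TCP instead of relying on fragments getting through.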
