On 02/09/2019 19:52, Dave Taht wrote:
>
> Does anyone have an opinion on:
>
> https://github.com/dns-violations/dnsflagday/issues/125
>
> (posteth not here, but on that thread)
>

Dnsmasq has code which tries to detect lost oversize UDP packets and reduces the maximum sent to 1280. If the powers that be can come up with a definitive solution, I'd like to implement it.

> sort of spawned by that, though, are three questions, which
> perhaps we can answer here...
>
> 1) How much is the dnssec stuff in dnsmasq enabled?
>
> For example, although it's available in openwrt, I think it is disabled
> by default. It was enabled by default in cerowrt (my old project), but
> had enough bugs revealed after the final release for most to disable it.
>
> That said, I do run it where I can, in openwrt, but I figure it's kind
> of lonely.
>

I don't know. I suspect not often. Why bother? Most of the net is not signed anyway. We eat our own DNSSEC dogfood here at thekelleys, and don't see any problems, forwarding to 8.8.8.8 or 1.1.1.1

Most of the bug reports I see these days seem to be due to different/unexpected behaviour of upstreams which catches out code tested almost exclusively on those two.

> 2) How often does it succeed over udp?
>
> 3) How often does it have to fallback to tcp?
>

I don't know for sure, and don't have any recent logs. I've not, historically, seen high TCP fallback rates.

Cheers,

Simon.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss