In message <[email protected]>, joel jaeggli writes:
> I'm interested in the intersection between the requested payload size
> and the use of the v6 fragmentation header, 6891 I think is missing some
> advice to implementers that might reasonably prevent fragmented replies
> from being dropped and limit the degree of amplification that can be
> achieved with large RRsets.

Fragments get dropped because of badly configured/designed firewalls
and PMTUD. Setting IPV6_USE_MIN_MTU to 1 helps with the latter though
it may result in an additional fragment being sent.

If one really wants to play games you set IPV6_USE_MIN_MTU to 1 for
DNS UDP responses bigger than 1432 octets and leave it at -1 for
messages 1432 octets and less. 1432 octets allows for both an IPv4 and
IPv6 header over ethernet without fragmenting. There are still a lot of
6in4 and 6to4 tunnels.

TCP should always set IPV6_USE_MIN_MTU to 1 as PMTUD takes too long
for DNS and is unreliable. Except for zone transfers the most it will
add is 5 additional packets (+ possible acks) to the transaction and
usually no more than 1.

> Are there thoughts about this based on experience?
>
> thanks
> joel
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
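
The per-message policy from the reply above, sketched in C as an added example; it is not part of the original message or of any DNS server's code. The names dns_use_min_mtu, dns_udp6_send and DNS_UDP_NOFRAG_MAX are hypothetical, the header breakdown behind 1432 is this example's reading, and attaching the option as ancillary data (RFC 3542) instead of calling setsockopt per response is this example's choice.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

/* The message's 1432-octet threshold. One breakdown that yields it (this
 * example's reading): 1500 Ethernet - 20 IPv4 (6in4/6to4) - 40 IPv6 - 8 UDP. */
#define DNS_UDP_NOFRAG_MAX (1500 - 20 - 40 - 8)

enum dns_transport { DNS_UDP, DNS_TCP };

/* Value to use for IPV6_USE_MIN_MTU (RFC 3542): 1 = send at the 1280-octet
 * minimum MTU without path MTU discovery; -1 = the default behaviour. */
int dns_use_min_mtu(enum dns_transport t, size_t msg_len)
{
    if (t == DNS_TCP)
        return 1;                       /* TCP: always 1 */
    return msg_len > DNS_UDP_NOFRAG_MAX ? 1 : -1;
}

/* Hypothetical helper: send one UDP response, attaching the option as
 * per-datagram ancillary data so a shared socket's sticky setting is
 * untouched. Where the platform headers lack IPV6_USE_MIN_MTU the message
 * is sent without it. */
ssize_t dns_udp6_send(int fd, const void *msg, size_t len,
                      const struct sockaddr_in6 *dst)
{
    struct iovec iov = { .iov_base = (void *)msg, .iov_len = len };
    struct msghdr mh;

    memset(&mh, 0, sizeof mh);
    mh.msg_name = (void *)dst;
    mh.msg_namelen = sizeof *dst;
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
#ifdef IPV6_USE_MIN_MTU
    union { struct cmsghdr hdr; unsigned char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    int v = dns_use_min_mtu(DNS_UDP, len);

    memset(&ctl, 0, sizeof ctl);
    mh.msg_control = ctl.buf;
    mh.msg_controllen = sizeof ctl.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&mh);
    cm->cmsg_level = IPPROTO_IPV6;
    cm->cmsg_type = IPV6_USE_MIN_MTU;
    cm->cmsg_len = CMSG_LEN(sizeof v);
    memcpy(CMSG_DATA(cm), &v, sizeof v);
#endif
    return sendmsg(fd, &mh, 0);
}
```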
