David Conrad <[email protected]> wrote:
> On Jul 28, 2014, at 5:48 AM, Nicholas Weaver <[email protected]>
> wrote:
>
> > The solution is to detect and fallback on EDNS0 MTU to retry at 1400B
> > first (rather than directly down to 512b), and properly handle
> > truncation.
>
> How many shipping resolvers actually do this?

I don't know what Unbound does.

BIND 9.9 and earlier have three states in the default configuration:
EDNS 4096, EDNS 512, and no-EDNS. It would start at the top and work
down in response to failures. There is a knob to adjust the starting
buffer size.

BIND 9.10 changes the first state to do variable-size probing: it will
try 512, 1232, 1432, and 4096, starting at the bottom and working up and
down depending on what works. The middle numbers come from the minimum
IPv6 MTU minus space for headers, and the ethernet MTU minus v4 and v6
headers to allow for tunneling. The (fixed) EDNS 512 and no-EDNS states
remain.

Unfortunately starting with a UDP size of 512 provokes masses of
horrible truncation bugs in authority servers which causes more breakage
(in my experience) than fragmentation does. It is particularly
unfortunate when BIND decides to send no-EDNS queries for DNSSEC zones
:-(

I've hacked my BIND to drop the fixed EDNS 512 state and to start the
variable-size probing at 1232 which seems to work a lot better.

http://dnssec-deployment.org/pipermail/dnssec-deployment/2014-July/007080.html

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Trafalgar: Cyclonic 4 or 5, becoming northerly 5 to 7 in north. Slight or
moderate, becoming moderate or rough in north. Fog patches at first in
east. Moderate or good, occasionally very poor at first in east.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
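
Added example, not part of the original message and not BIND code: what the states named above look like on the wire. It derives 1232 and 1432 from the MTUs (assuming a 40-byte IPv6 header, a 20-byte IPv4 header and an 8-byte UDP header), builds the query for each state, and shows that a no-EDNS query has no OPT record and so nowhere to carry the DNSSEC DO bit. The function names and the example.com query are constructed for illustration.

```python
import struct

IPV4_HDR, IPV6_HDR, UDP_HDR = 20, 40, 8  # header sizes in bytes (assumed, no options)

def edns_size(mtu, *ip_headers):
    """Largest UDP payload that fits one unfragmented packet on a link of `mtu`."""
    return mtu - sum(ip_headers) - UDP_HDR

def build_query(qname, qtype, udp_size, do_bit=True, qid=0x1234):
    """Build a DNS query. udp_size=None is the no-EDNS state (no OPT record)."""
    arcount = 0 if udp_size is None else 1
    msg = struct.pack("!6H", qid, 0x0100, 1, 0, 0, arcount)  # flags: RD=1
    for label in qname.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # end of QNAME, QTYPE, QCLASS=IN
    if udp_size is not None:
        flags = 0x8000 if do_bit else 0  # DO is the top bit of the OPT flags
        # OPT RR: root owner, TYPE=41, CLASS=UDP payload size,
        # TTL=ext-rcode/version/flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHBBHH", 41, udp_size, 0, 0, flags, 0)
    return msg

def describe(msg):
    """Return (usable UDP size, DO bit) for a query built by build_query()."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    arcount = struct.unpack("!H", msg[10:12])[0]
    pos = 12
    for _ in range(qdcount):
        while msg[pos]:            # skip uncompressed QNAME labels
            pos += msg[pos] + 1
        pos += 5                   # root label + QTYPE + QCLASS
    if arcount == 0:
        return 512, False          # plain DNS: 512-byte UDP limit, no place for DO
    rtype, size, _, _, flags = struct.unpack("!HHBBH", msg[pos + 1:pos + 9])
    assert rtype == 41, "expected OPT record"
    return size, bool(flags & 0x8000)

def is_truncated(response):
    """TC bit set: the answer did not fit; retry with a larger size or over TCP."""
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

if __name__ == "__main__":
    ladder = [512, edns_size(1280, IPV6_HDR),
              edns_size(1500, IPV4_HDR, IPV6_HDR), 4096, None]
    for size in ladder:
        q = build_query("example.com", 48, size)  # 48 = DNSKEY
        print(size, len(q), describe(q))
```
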
