On Fri, Jan 23, 2015 at 10:12 AM, Nicholas Weaver <[email protected]> wrote:
>
>> On Jan 23, 2015, at 10:01 AM, Paul Hoffman <[email protected]> wrote:
>>
>> What is the problem with #2? IP fragmentation happens, and The Internet is
>> expected to work with it. That is, of what possible value is "inform their
>> customers"?
>
> The Internet has unfortunately decreed that Fragmentation Does Not Work with
> IPv4, and Really Does Not Work with IPv6.
>
> This will cause timeouts until the resolver realizes it should use a smaller
> EDNS0 MTU and in that case, the resolver will failover to TCP for that query,
> which some in the DNS community view as anathema...
>

Besides the additional latency caused by loss recovery, as Nicholas said, fragments may also bring the problem of the fragmentation attack described in:

A. Herzberg and H. Shulman. Fragmentation considered poisonous. In Proc. of IEEE Conference on Communications and Network Security (CNS), Oct. 2013.

-Liang Zhu
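An added example, not part of the original thread: a check that reads the EDNS0 UDP payload size a query advertises and reports whether a response filling that buffer could be fragmented on a given path. The function names, the sample query, and the path MTU values are assumptions made for illustration.

```python
import struct

IPV4_HDR, IPV6_HDR, UDP_HDR = 20, 40, 8  # header sizes without options

def build_query(name, edns_size):
    """Constructed sample input: an A query for `name` with one OPT RR."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_udp_size(msg):
    """Advertised EDNS0 UDP payload size; 512 when there is no OPT RR."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return max(rclass, 512)   # values below 512 are treated as 512
        off += 10 + rdlen
    return 512

def max_unfragmented_payload(path_mtu, ipv6=False):
    """Largest DNS message that fits in one packet at this path MTU."""
    return path_mtu - (IPV6_HDR if ipv6 else IPV4_HDR) - UDP_HDR

def may_fragment(msg, path_mtu, ipv6=False):
    """True if a response filling the advertised buffer would not fit."""
    return edns_udp_size(msg) > max_unfragmented_payload(path_mtu, ipv6)
```

A resolver that advertises a size at or below `max_unfragmented_payload` for its path gets a truncated answer and a TCP retry instead of fragments.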
