On Wed, Apr 15, 2020 at 05:11:46AM +0530, Mukund Sivaraman wrote:
> One more question:
>
> > 3. Proposal to avoid IP fragmentation in DNS
>
> > o UDP requestors and responders SHOULD send DNS responses with
> > IP_DONTFRAG / IPV6_DONTFRAG [RFC3542] options, which will yield
> > either a silent timeout, or a network (ICMP) error, if the path
> > MTU is exceeded. Upon a timeout, UDP requestors may retry using
> > TCP or UDP, per local policy.
>
> If the IP_DONTFRAG/IP_DF/IP_PMTUDISC_DO option is available and can be
> used to set the DF flag on DNS over UDP over IPv4 PDUs, why are any of
> the following maximum-size mitigations (the next 3 items after the above
> quoted item) necessary?

Possibly this is client-driven mitigation, right? A client which does
not know if the server will set DF=1 can still avoid fragmentation of
the reply by using a smaller EDNS UDP payload size.

Mukund
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
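
Added example, not part of the original message or of the draft it quotes: a Python sketch of the two mitigations discussed above, a UDP socket that sets DF via IP_PMTUDISC_DO (Linux) and a query whose EDNS0 OPT record advertises a smaller UDP payload size. The function names, the message ID and the 1232-byte default are assumptions chosen for illustration.

```python
import socket
import struct

# Linux values from <linux/in.h>, used when this Python build lacks the names.
IP_MTU_DISCOVER = getattr(socket, "IP_MTU_DISCOVER", 10)
IP_PMTUDISC_DO = getattr(socket, "IP_PMTUDISC_DO", 2)

def udp_socket_with_df():
    """IPv4 UDP socket whose datagrams carry DF=1 (Linux only)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_DO)
    return s

def build_query(qname, qtype=1, edns_size=1232, msg_id=0x1234):
    """DNS query with an EDNS0 OPT RR advertising edns_size bytes (assumed default)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.split(".") if l)
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def _skip_name(msg, pos):
    """Return the offset just past the domain name starting at pos."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += 1 + n

def advertised_size(msg):
    """EDNS UDP payload size in msg, or 512 when it carries no OPT RR."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 41:
            return rclass
        pos += 10 + rdlen
    return 512

def fits(query, response_len):
    """True if a reply of response_len bytes respects the client's limit."""
    return response_len <= advertised_size(query)
```

A responder that honours the advertised size keeps its reply under the client's limit whether or not it also sets DF, which is the client-driven case raised in the reply.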