In my comments regarding section 3.3 of the draft-ietf-dnsop-avoid-fragmentation, I alluded to the need for a method of validating a configured DNS UDP default MTU value, when a client is starting up, and has been configured to use one or more resolvers. This test would be performed towards each resolver, as appropriate.
If this idea is received with support, I'll write it up. It is quite simple, I believe, and should be easy to implement.

The short version is, the client requests a packet from the resolver, which is exactly the size of the MTU. This means the resolver returns a response which is padded with data, so that the DNS payload size matches the maximum size allowed per EDNS0 rules: the minimum of the configured value on the resolver, and the requested value from the EDNS0 BUFSIZE value.

The suggested record name, class, type is "lorem.ipsum" CH TXT. The value would be padded with repeated instances of the canonical "lorem ipsum" text, in TXT record format, truncated to the correct length to match the requirements. (While "quick brown fox" might be similarly suitable, it is frequently used by test sets, and its presence as payload might cause confusion and errors.)

The resolver would set the DF bit, and if the response is not received, the client would need to react accordingly, e.g. retry, reduce size, iterate until a response is received.

Feedback on this idea is welcome.

Thanks,
Brian Dickson
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
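The following is an added illustration of the mechanism proposed in the message above; it is not code from the author or from any DNSOP draft. It builds the "lorem.ipsum" CH TXT query with an EDNS0 buffer size, the resolver's reply padded with repeated lorem-ipsum TXT strings so the whole DNS message is exactly min(resolver maximum, requested BUFSIZE) bytes, and the client's walk-down loop that shrinks the requested size until a response arrives. The path is simulated in-process (a DF-marked datagram larger than the path MTU is silently dropped); the step size, floor, the fixed `IP_UDP_OVERHEAD` of 28 bytes (IPv4 + UDP) and all function names are assumptions for this example.

```python
"""Lorem-ipsum MTU probe: padded CH TXT response plus client size walk-down (example only)."""
import struct
from typing import Callable, Optional

NAME = b"\x05lorem\x05ipsum\x00"            # "lorem.ipsum" in DNS wire format
QTYPE_TXT, QCLASS_CH, TYPE_OPT = 16, 3, 41
LOREM = (b"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod "
         b"tempor incididunt ut labore et dolore magna aliqua. ")
# Bytes surrounding the TXT rdata: header(12) + question(name+4) + answer RR
# without rdata (12, owner as a compression pointer) + empty OPT RR (11).
FIXED_OVERHEAD = 12 + len(NAME) + 4 + 12 + 11
IP_UDP_OVERHEAD = 28   # assumption: IPv4 (20) + UDP (8) headers around the DNS payload


def build_query(qid: int, bufsize: int) -> bytes:
    """Client query for lorem.ipsum CH TXT with an OPT RR advertising EDNS0 bufsize."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    question = NAME + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, 0, 0)   # class field carries bufsize
    return header + question + opt


def requested_bufsize(query: bytes) -> int:
    """Read the EDNS0 UDP payload size from the trailing 11-byte OPT RR of a query."""
    return struct.unpack("!H", query[-8:-6])[0]


def padded_txt_rdata(length: int) -> bytes:
    """TXT rdata of exactly `length` bytes: <len><text> strings of at most 255 text bytes each."""
    stream = LOREM * (length // len(LOREM) + 1)   # continuous lorem-ipsum byte stream
    out, pos = b"", 0
    while len(out) < length:
        chunk = min(256, length - len(out))        # length byte + up to 255 text bytes
        out += bytes([chunk - 1]) + stream[pos:pos + chunk - 1]
        pos += chunk - 1
    return out


def build_response(query: bytes, server_max: int) -> bytes:
    """Resolver side: answer padded so the DNS message is min(server_max, requested) bytes."""
    qid = struct.unpack("!H", query[:2])[0]
    size = min(server_max, requested_bufsize(query))
    if size <= FIXED_OVERHEAD:
        raise ValueError("buffer size too small for a padded answer")
    rdata = padded_txt_rdata(size - FIXED_OVERHEAD)
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 1)   # QR, RD, RA; 1 answer, 1 additional
    question = NAME + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, server_max, 0, 0)
    msg = header + question + answer + opt
    assert len(msg) == size
    return msg


def simulated_path(path_mtu: int, server_max: int) -> Callable[[bytes], Optional[bytes]]:
    """Return a send() that drops any DF-marked datagram exceeding the path MTU (no fragmentation)."""
    def send(query: bytes) -> Optional[bytes]:
        resp = build_response(query, server_max)
        return resp if len(resp) + IP_UDP_OVERHEAD <= path_mtu else None   # None models a timeout
    return send


def probe_max_payload(send, start: int = 4096, floor: int = 512, step: int = 256) -> Optional[int]:
    """Client side: lower the advertised bufsize until a padded response comes back whole.

    Returns the DNS payload size that actually arrived, or None if nothing got through.
    """
    qid, size = 0x1234, start
    while size >= floor:
        resp = send(build_query(qid, size))
        if resp is not None and struct.unpack("!H", resp[:2])[0] == qid and len(resp) <= size:
            return len(resp)
        size -= step
    return None


if __name__ == "__main__":
    print("path MTU 1280 ->", probe_max_payload(simulated_path(1280, 4096)))
```

Returning the received payload length rather than the requested size matters when the resolver's configured maximum is smaller than the client's request: the client then learns the size that was actually proven to traverse the path, not the size it asked for.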
