> As for worries about this causing fragmentation I humbly disagree, for the
> following reasons:
> 1. DNS query is unlikely to traverse multiple tunnels to local server.
> 2. DNS query to a remote server is unlikely to traverse through an
> IPSEC tunnel.
> Thus we do not need to worry about extension headers at all and
> can go to the upper limit of what IPv6 allows.

Point 1 is probably valid, although it's possible there may be a tunnel,
perhaps even an IPSEC tunnel, to some centralized facility for all
"infrastructure" traffic including DNS.

Point 2 is less clear, but let's take it as true.

Still, I don't think your conclusion follows from the premises. Allowing for
one IPSEC tunnel-mode wrapping and nothing else requires:

    outer IP header           40
    ESP wrapping              36 or more
    typical inner IP header   40
    UDP header                 8
    total                    124 bytes

-- allowing 1156 payload bytes, which is probably less than you wanted.

If, on the other hand, the client uses EDNS0 to advertise the lesser of its
resolver DNS buffer size and its IPv6 reassembly buffer limit (defaulting the
latter to 1500 if it can't be determined by some API function) and the server
punts PMTU problems by pre-fragmenting down to 1280, the "losing" cases are
merely fragmented replies rather than TCP retries or worse.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
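The header-budget arithmetic and the EDNS0 advertisement rule from the reply above, as an added worked example that is not part of the original message; it generalises the 1280-byte case to any stack of encapsulation headers and also counts the IPv6 fragments a server pre-fragmenting to 1280 would emit. The ESP figure of 36 bytes and the 1500-byte reassembly default are the post's own numbers, used here as constructed inputs.

```python
import math

IPV6_MIN_MTU = 1280            # RFC 2460 minimum link MTU
IPV6_HEADER = 40               # fixed IPv6 header, no extension headers
IPV6_FRAGMENT_HEADER = 8       # Fragment extension header
UDP_HEADER = 8
ESP_TUNNEL_OVERHEAD = 36       # the post's figure: "ESP wrapping 36 or more"


def dns_payload_budget(mtu, encapsulations):
    """Largest DNS message that fits unfragmented in `mtu` bytes once every
    header in `encapsulations` (sizes in bytes, outermost first, including
    the innermost UDP header) has been added in front of the payload."""
    overhead = sum(encapsulations)
    if overhead >= mtu:
        raise ValueError("encapsulation overhead %d leaves no room in MTU %d"
                         % (overhead, mtu))
    return mtu - overhead


def edns0_advertised_size(resolver_buffer, reassembly_limit=None):
    """EDNS0 UDP payload size to advertise: the lesser of the resolver's own
    buffer and the host's IPv6 reassembly limit; the limit defaults to 1500
    when no API exposes it, as the reply suggests."""
    if reassembly_limit is None:
        reassembly_limit = 1500
    return min(resolver_buffer, reassembly_limit)


def fragments_needed(udp_datagram_size, mtu=IPV6_MIN_MTU):
    """Number of IPv6 fragments a server emits when it pre-fragments a UDP
    reply of `udp_datagram_size` bytes (UDP header + DNS message) to `mtu`.
    Every fragment but the last must carry a multiple of 8 payload bytes."""
    per_fragment = mtu - IPV6_HEADER - IPV6_FRAGMENT_HEADER
    per_fragment -= per_fragment % 8
    return max(1, math.ceil(udp_datagram_size / per_fragment))


if __name__ == "__main__":
    # The single ESP tunnel-mode wrapping the reply walks through.
    tunnel = [IPV6_HEADER, ESP_TUNNEL_OVERHEAD, IPV6_HEADER, UDP_HEADER]
    print("DNS payload with one IPSEC tunnel:",
          dns_payload_budget(IPV6_MIN_MTU, tunnel))        # 1156
    print("DNS payload with no tunnel:",
          dns_payload_budget(IPV6_MIN_MTU, [IPV6_HEADER, UDP_HEADER]))
    print("EDNS0 size to advertise (4096 resolver buffer, unknown limit):",
          edns0_advertised_size(4096))                    # 1500
    print("fragments for a 4096-byte DNS reply pre-fragmented to 1280:",
          fragments_needed(UDP_HEADER + 4096))             # 4
```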
