On 04.12.2017 23:11, James Carlson wrote:

> This is normal behavior for IPv4 in Solaris; it's part of Path MTU
> Discovery.  

I'm not sure setting the DF bit on a fragment is really useful apart
from the very first fragment. All subsequent fragments will not have
enough information (like port etc.) to trigger meaningful icmp
responses. And there really is no point doing pmtud on all fragments. If
the first fragment is too large, the whole packet needs to be
refragmented anyway, and whether or not the other fragments went through
becomes meaningless.
> I think a better idea is to set up your DNS server to use TCP when it
> needs to send ridiculously big replies.  Using UDP for large messages is
> just fraught with peril.
EDNS allows the peers to negotiate packet sizes up to 4096 bytes ...

But I do agree that it is better to avoid UDP fragmentation as a matter
of principle.

edns-udp-size 1440;
max-udp-size 1440;

in named.conf fixed that issue for me.
Thanks all for the help and insight.

best /markus

openindiana-discuss mailing list

Reply via email to