On 04.12.2017 23:11, James Carlson wrote: > This is normal behavior for IPv4 in Solaris; it's part of Path MTU > Discovery.
I'm not sure setting the DF bit on a fragment is really useful apart from the very first fragment. All subsequent fragments will not have enough information (like port etc.) to trigger meaningful icmp responses. And there really is no point doing pmtud on all fragments. If the first fragment is too large, the whole packet needs to be refragmented anyway, and whether or not the other fragments went through becomes meaningless. > I think a better idea is to set up your DNS server to use TCP when it > needs to send ridiculously big replies. Using UDP for large messages is > just fraught with peril. EDNS allows the peers to negotiate packet sizes up to 4096 bytes ... But I do agree that it is better to avoid UDP fragmentation as a matter of principle. edns-udp-size 1440; max-udp-size 1440; in named.conf fixed that issue for me. Thanks all for the help and insight. best /markus _______________________________________________ openindiana-discuss mailing list firstname.lastname@example.org https://openindiana.org/mailman/listinfo/openindiana-discuss