[Yeti DNS Discuss] Observation on Large response issue during Yeti KSK rollover

Hugo Salgado-Hernández hsalgado at nic.cl
Wed Aug 2 16:54:48 UTC 2017

On 09:35 02/08, Davey Song(宋林健) wrote:
> Hi folks,
> I put a article to introduce some observations during Last Yeti KSK rollover
> which is finished in this May. 
> http://yeti-dns.org/yeti/blog/2017/08/02/large-packet-impact-during-yeti-ksk
> -rollover.html
> The conclusion is quoted as follows:
> The monitoring result shows that statistically large packets will trigger
> higher failure rate (around 0.7%) due to IPv6 fragmentation issues, which

Hi Davey.
Sorry, maybe I'm misunderstanding, but I see 2,920 failures out of
42,459 total queries in the table, so that accounts on almost 7% !



> accordingly increase probability of retries and TCP fallback. It should be
> noted that during the KSK rollover and other experience in Yeti testbed, no
> error report was spotted directly due to packet size problem (less than 1%
> likely to cause timeout). So it is should be further observed and evaluate
> the impact of large packets issue. To avoid less than 1% anomaly, we can
> consider is it worthwhile to take any measures to this issue? Does it sound
> like a plan to use stateful connection in the first place to transmit DNS
> like TCP or HTTP for queries causing large response, or
> <https://tools.ietf.org/html/draft-muks-dns-message-fragments-00>
> fragmenting the packets in the DNS layer? 
> Best regards,
> Davey

> _______________________________________________
> discuss mailing list
> discuss at lists.yeti-dns.org
> http://lists.yeti-dns.org/mailman/listinfo/discuss

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20170802/eeda4709/attachment.bin>

More information about the discuss mailing list