[Yeti DNS Discuss] Reply: Observation on Large response issue during Yeti KSK rollover
Davey Song(宋林健)
ljsong at biigroup.cn
Thu Aug 3 01:47:23 UTC 2017
I edited the conclusion part:
The monitoring result shows that statistically large packets will trigger a higher failure rate (around 7%) due to IPv6 fragmentation issues, which accordingly increases the probability of retries and TCP fallback. It should be noted that during the KSK rollover and other experience in the Yeti testbed, no error report was spotted directly due to the packet size problem (less than 10% likely to cause timeout). So the impact of the large packets issue should be further observed and evaluated.
To avoid the less than 10% anomaly inside DNS transactions, one direct solution is to hold a certain size as a boundary for responses, as 512 octets was held for a long time in the DNS specification. In the IPv6 era, a new boundary of 1220 octets was proposed in APNIC blog posts. I would like to ask: is it worthwhile to take any heavier measures on this issue? Does it sound like a plan to use a stateful connection in the first place to transmit DNS like TCP or HTTP for queries causing large responses, or to fragment the packets in the DNS layer?
Davey
> -----Original Message-----
> From: Hugo Salgado-Hernández [mailto:hsalgado at nic.cl]
> Sent: August 3, 2017 0:55
> To: Davey Song(宋林健)
> Cc: discuss at lists.yeti-dns.org
> Subject: Re: [Yeti DNS Discuss] Observation on Large response issue during Yeti
> KSK rollover
>
> On 09:35 02/08, Davey Song(宋林健) wrote:
> > Hi folks,
> >
> >
> >
> > I put an article to introduce some observations during the last Yeti KSK
> > rollover, which was finished this May.
> >
> > http://yeti-dns.org/yeti/blog/2017/08/02/large-packet-impact-during-yeti-ksk-rollover.html
> >
> >
> >
> > The conclusion is quoted as follows:
> >
> >
> >
> > The monitoring result shows that statistically large packets will
> > trigger higher failure rate (around 0.7%) due to IPv6 fragmentation
> > issues, which
>
> Hi Davey.
> Sorry, maybe I'm misunderstanding, but I see 2,920 failures out of
> 42,459 total queries in the table, so that accounts for almost 7%!
>
> Best,
>
> Hugo
>
> > accordingly increase probability of retries and TCP fallback. It
> > should be noted that during the KSK rollover and other experience in
> > Yeti testbed, no error report was spotted directly due to packet size
> > problem (less than 1% likely to cause timeout). So the impact of the
> > large packets issue should be further observed and evaluated. To
> > avoid less than 1% anomaly, we can consider is it worthwhile to take
> > any measures to this issue? Does it sound like a plan to use stateful
> > connection in the first place to transmit DNS like TCP or HTTP for
> > queries causing large response, or
> > <https://tools.ietf.org/html/draft-muks-dns-message-fragments-00>
> > fragmenting the packets in the DNS layer?
> >
> >
> >
> > Best regards,
> >
> > Davey
> >
>