[Yeti DNS Discuss] Dealing with IPv6 Fragmentation in the DNS
andreas.schulze at datev.de
Wed Aug 23 16:56:17 UTC 2017
Am 23.08.2017 um 16:05 schrieb P Vix:
> Fragmentation in v6 was meant to be an improvement on v4, by making it
> end to end only ... Routers don't fragment. Turns out icmp6 is a huge
> security hole and is most often blocked.
> I had thought that DNS servers were now using mtu 1280 to work around it.
I set 1220 on all of my NSD instances months ago. At least, it don't hurt.
( see https://nlnetlabs.nl/projects/nsd/nsd.conf.5.html )
More information about the discuss