[Yeti DNS Discuss] Dealing with IPv6 Fragmentation in the DNS
praveen.misra at eis.ernet.in
Wed Aug 23 17:54:23 UTC 2017
An article in APNIC. Apologies if its already seen or unrelated https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
On 23-08-17 22:26, Andreas Schulze <andreas.schulze at datev.de> wrote:
> Am 23.08.2017 um 16:05 schrieb P Vix:
> >Fragmentation in v6 was meant to be an improvement on v4, by making it end to end only ... Routers don't fragment. Turns out icmp6 is a huge security hole and is most often blocked.
> >I had thought that DNS servers were now using mtu 1280 to work around it.
> I set 1220 on all of my NSD instances months ago. At least, it don't hurt.
> ( see https://nlnetlabs.nl/projects/nsd/nsd.conf.5.html )
> outgoing-tcp-mss: 1220
> tcp-mss: 1220
> discuss mailing list
> discuss at lists.yeti-dns.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the discuss