[Yeti DNS Discuss] Dealing with IPv6 Fragmentation in the DNS
Praveen Misra
praveen.misra at eis.ernet.in
Wed Aug 23 17:54:23 UTC 2017
An article in APNIC. Apologies if its already seen or unrelated https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
Praveen
On 23-08-17 22:26, Andreas Schulze <andreas.schulze at datev.de> wrote:
>
> Am 23.08.2017 um 16:05 schrieb P Vix:
> >Fragmentation in v6 was meant to be an improvement on v4, by making it end to end only ... Routers don't fragment. Turns out icmp6 is a huge security hole and is most often blocked.
> >
> >I had thought that DNS servers were now using mtu 1280 to work around it.
> I set 1220 on all of my NSD instances months ago. At least, it don't hurt.
>
> ( see https://nlnetlabs.nl/projects/nsd/nsd.conf.5.html )
> server:
> outgoing-tcp-mss: 1220
> tcp-mss: 1220
>
>
> Andreas
> _______________________________________________
> discuss mailing list
> discuss at lists.yeti-dns.org
> http://lists.yeti-dns.org/mailman/listinfo/discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20170823/41467753/attachment.html>
More information about the discuss
mailing list