[Yeti DNS Discuss] Dealing with IPv6 Fragmentation in the DNS

Geoff Huston gih at apnic.net
Thu Aug 24 08:56:17 UTC 2017

> On 24 Aug 2017, at 2:56 am, Andreas Schulze <andreas.schulze at datev.de> wrote:
> Am 23.08.2017 um 16:05 schrieb P Vix:
>> Fragmentation in v6 was meant to be an improvement on v4, by making it end to end only ... Routers don't fragment. Turns out icmp6 is a huge security hole and is most often blocked.
>> I had thought that DNS servers were now using mtu 1280 to work around it.
> I set 1220 on all of my NSD instances months ago. At least, it don't hurt.

UDP fragmentation loss in IPv6 - yes it hurts!

More information about the discuss mailing list