[Yeti DNS Discuss] Dealing with IPv6 Fragmentation in the DNS
Geoff Huston
gih at apnic.net
Thu Aug 24 11:45:45 UTC 2017
> On 24 Aug 2017, at 7:02 pm, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> On Wed, Aug 23, 2017 at 06:56:17PM +0200,
> Andreas Schulze <andreas.schulze at datev.de> wrote
> a message of 19 lines which said:
>
>> server:
>> outgoing-tcp-mss: 1220
>> tcp-mss: 1220
>
> It is only for TCP, where the big problem is with UDP.
>
> ipv6-edns-size: 1220 ?
This is an approach that is used by a.root-servers.net and j.root-servers.net
These servers appear to truncate any response in UDP over IPv6 that is larger than 1,280 octets irrespective of the offered UDP buffer size. That way they are forcing the resolver to re-query using TCP. Which is fine except for the unfortunate observation that some 17% of resolvers appear to have some kind of broken firewall in front of them that prevents them from establishing a TCP session.
There is no clear best path here - you just need to figure out which rocks you feel comfortable with hitting!
G.
More information about the discuss
mailing list