Preparing for upcoming DNSSEC changes on 5/5

Mark Andrews marka at isc.org
Mon May 3 21:19:00 UTC 2010


In message <4BDF39F7.1060904 at ou.edu>, Peter Laws writes:
> On 05/03/10 15:55, Lightner, Jeff wrote:
> 
> 
> > Also one of the links I sent earlier had a similar comment about less
> > than 300 bytes difference not being a problem.  I had missed that.
> >
> > 4096 - 3843 = 153
> > It seems if I'd paid attention I'd not have posted my follow up
> > questions.
> 
> It's not on the dns-oarc.net page either, but I'm glad you mentioned it.
> 
> Back to explicitly setting edns-udp-size to something smaller than the 
> default, which seems to be 4096.  Still not convinced this is necessary.

The test is a rough guide to the maximum packet size supported by the path.

The usual break points are ~2048 (old nameservers used as forwarders,
forwarding through a DNS proxy w/ a 2K UDP buffer), ~1500 (IPv4,
IPv6 fragments being dropped), ~1200 (IPv6 fragments being dropped),
and 512 (firewalls dropping DNS responses > 512).

A NAT/firewall that doesn't handle out of order fragments can
produce results all over the place. 

Mark
> -- 
> Peter Laws / N5UWY
> National Weather Center / Network Operations Center
> University of Oklahoma Information Technology
> plaws at ou.edu
> -----------------------------------------------------------------------
> Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
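
Added example (not part of the original message, and not ISC code): a Python sketch showing where the size that edns-udp-size controls is carried in a query's EDNS0 OPT record, plus a rough mapping from a measured maximum reply size to the break points listed above. The function names, the query ID and the "smallest break point at or above the measurement" rule are assumptions made for illustration.

```python
import struct

# Break points as listed in the message above: (approximate size, cause).
BREAK_POINTS = [
    (512, "firewall dropping DNS responses > 512"),
    (1200, "IPv6 fragments being dropped"),
    (1500, "IPv4 or IPv6 fragments being dropped"),
    (2048, "old forwarder or DNS proxy with a 2K UDP buffer"),
]

def build_query(name, udp_size, qtype=48, do_bit=True, qid=0x1234):
    """Encode a query whose EDNS0 OPT record advertises udp_size."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD; 1 question, 1 additional
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # qtype 48 = DNSKEY, class IN
    ttl = 0x8000 if do_bit else 0  # OPT TTL: ext-rcode, version, flags (DO = top flag bit)
    # OPT: root owner name, TYPE 41, CLASS carries the UDP size, RDLEN 0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, udp_size, ttl, 0)

def _skip_name(msg, pos):
    """Return the offset just past the domain name starting at pos."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes
            return pos + 2
        pos += 1 + n

def advertised_size(msg):
    """Return (udp_size, do_bit) from the message's OPT record, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        pos += 10 + rdlen
    return None

def likely_limit(measured):
    """Smallest listed break point at or above a measured reply size, else None."""
    return next(((s, why) for s, why in BREAK_POINTS if measured <= s), None)
```

A result of None from likely_limit means the measurement is above every listed break point, as with the 3843 quoted earlier in the thread.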


