Preparing for upcoming DNSSEC changes on 5/5

Mark Andrews marka at isc.org
Tue May 4 01:19:30 UTC 2010


In message <4BDF4B79.4050101 at ou.edu>, Peter Laws writes:
> On 05/03/10 16:19, Mark Andrews wrote:
> 
> > The test is a rough guide to the maximum packet size supported by the path.
> 
> So what would be the point of using edns-udp-size to something even 
> smaller?  None I can see ...
> 
> What am I missing?

There is a difference between what the path is capable of and what
named will try to use.  Named will try 4096 and 512 bytes, by
default.

Let's say the path is only capable of handling unfragmented IPv4
packets.  You then have a path limit of ~1460 (depends on how many
IP in IP tunnels there are in the path).  If the response is bigger
than 1460 it won't get through, named will timeout, try a different
server, timeout, try a different server, timeout and then send
requests advertising a 512 byte buffer instead of 4096 which will
get through usually with TC set and named will then fallback to
TCP.

Now we do the same with an edns-udp-size set to 1460.  The response
will no longer be > 1460 so it is unlikely to be fragmented and it
gets through first time.  Depending upon where the response is
truncated it will have TC set or not.  Some parts of some responses
are optional.

We have eliminated 3 timeouts and an almost certain TCP query by
setting edns-udp-size to match the path characteristics.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
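The retry sequence Mark describes (advertise 4096, time out against each server, drop to 512, get a TC reply, fall back to TCP) can be walked through with a small model. The code below is an added example, not BIND's code and not from the post; it assumes a simplified server that caps its reply at the advertised buffer, a path that silently drops anything larger than its limit (the "fragmented and lost" case), and a fixed count of three servers, all of which are constructed for illustration.

```python
"""Model of the resolver fallback sequence described in the post.

Constructed example, not BIND code.  It models the behaviour the post
describes: named advertises a 4096-byte EDNS buffer, times out against
each server in turn when the reply is too big for the path, then retries
advertising 512 bytes and falls back to TCP when the reply has TC set.
"""
from dataclasses import dataclass, field


@dataclass
class Outcome:
    timeouts: int = 0          # UDP queries that got no reply
    used_tcp: bool = False     # did the resolver have to retry over TCP
    advertised: int = 0        # EDNS buffer size of the query that succeeded
    attempts: list = field(default_factory=list)

    @property
    def failed(self):
        return self.advertised == 0


def server_reply(response_size, advertised, path_limit, optional_bytes):
    """Return (delivered, tc) for one UDP query.

    The server never sends more than the advertised buffer.  If the cap
    only removes optional data (e.g. additional-section records) TC stays
    clear, as the post notes; if it removes required data TC is set.  Any
    reply bigger than the path limit is assumed fragmented and lost.
    """
    required = response_size - optional_bytes
    if response_size <= advertised:
        sent, tc = response_size, False
    elif required <= advertised:
        sent, tc = advertised, False      # only optional parts trimmed
    else:
        sent, tc = advertised, True       # required data cut: TC set
    delivered = sent <= path_limit
    return delivered, tc


def resolve(response_size, path_limit, edns_udp_size=4096, servers=3,
            optional_bytes=0):
    """Walk the described sequence and report timeouts and TCP fallback.

    First every server is tried with the configured edns-udp-size; if all
    of them time out, every server is tried again advertising 512 bytes.
    """
    out = Outcome()
    for advertised in (edns_udp_size, 512):
        for server in range(servers):
            delivered, tc = server_reply(response_size, advertised,
                                         path_limit, optional_bytes)
            out.attempts.append((advertised, server, delivered, tc))
            if not delivered:
                out.timeouts += 1
                continue                  # timeout: try the next server
            out.advertised = advertised
            out.used_tcp = tc             # TC set: retry the query over TCP
            return out
    return out                            # nothing got through at all


if __name__ == "__main__":
    # A 1500-byte reply over a path that only passes 1460 bytes unfragmented.
    default = resolve(1500, 1460)
    print("default 4096:", default.timeouts, "timeouts, tcp =", default.used_tcp)
    tuned = resolve(1500, 1460, edns_udp_size=1460, optional_bytes=100)
    print("edns-udp-size 1460:", tuned.timeouts, "timeouts, tcp =", tuned.used_tcp)
```

With the defaults and a 1500-byte reply the model records three timeouts before the 512-byte retry gets a TC reply and the query goes to TCP, which is the sequence the post counts. With edns-udp-size set to 1460 the first query succeeds; whether TC is set then depends only on whether the trimmed 40 bytes were optional data.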


