Yes, I get all that. But earlier in the thread, I noted that:

"Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the dns-oarc.net test, which I assume is the default. I, too, get the 3843 "at least" value.

"Why would I set it to 3843? Wouldn't I want it to be set to 4096 even if *some* device between here and dns-oarc.net only allows that smaller value?"

We've already had one anecdote of someone that also got 3843, setting edns-udp-size, re-running the test and getting a smaller number.

Makes no sense to me to set it at less than the 4096-byte default unless *I* had faulty network equipment.

--
Peter Laws / N5UWY
National Weather Center / Network Operations Center / Web
University of Oklahoma Information Technology
[email protected]
________________________________________
From: [email protected] [[email protected]]
Sent: Monday, May 03, 2010 20:19
To: Laws, Peter C.
Cc: [email protected]
Subject: Re: Preparing for upcoming DNSSEC changes on 5/5

In message <[email protected]>, Peter Laws writes:
> On 05/03/10 16:19, Mark Andrews wrote:
>
> > The test is a rough guide to the maximum packet size supported by the path.
>
> So what would be the point of using edns-udp-size to something even
> smaller? None I can see ...
>
> What am I missing?

There is a difference between what the path is capable of and what named will try to use. Named will try 4096 and 512 bytes, by default.

Let's say the path is only capable of handling unfragmented IPv4 packets. You then have a path limit of ~1460 (depends on how many IP in IP tunnels there are in the path). If the response is bigger than 1460 it won't get through, named will timeout, try a different server, timeout, try a different server, timeout and then send requests advertising a 512 byte buffer instead of 4096 which will get through usually with TC set and named will then fallback to TCP.

Now we do the same with an edns-udp-size set to 1460. The response will no longer be > 1460 so it is unlikely to be fragmented and it gets through first time. Depending upon where the response is truncated it will have TC set or not. Some parts of some responses are optional.

We have eliminated 3 timeouts and an almost certain TCP query by setting edns-udp-size to match the path characteristics.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
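
Added example (not part of the original thread, and not BIND code): a simplified Python model of the retry sequence described in the quoted reply above, comparing the default 4096-byte advertisement with edns-udp-size 1460 on a path that passes at most 1460 bytes. The function names, the split of a response into required and optional bytes, the three-server retry count and the sample sizes are assumptions made for illustration; IP/UDP header overhead is ignored.

```python
from dataclasses import dataclass

DEFAULT_EDNS = 4096   # named's default advertised buffer (per the thread)
FALLBACK = 512        # size named falls back to after timeouts (per the thread)

@dataclass
class Outcome:
    udp_timeouts: int   # queries lost because the reply exceeded the path limit
    tc_set: bool        # the reply that finally arrived had TC set
    tcp_retry: bool     # resolver has to repeat the query over TCP

def server_reply(required, optional, advertised):
    """Model of the responder: return (reply_size, tc_set).
    Optional data is dropped without TC; TC is set only when the
    required part does not fit in the advertised buffer."""
    if required + optional <= advertised:
        return required + optional, False
    if required <= advertised:
        return required, False
    return advertised, True

def resolve(required, optional, path_limit, edns_udp_size=DEFAULT_EDNS, servers=3):
    """Model of the resolver: try each server at edns_udp_size, then
    fall back to a 512-byte advertisement (assumed to fit the path)."""
    timeouts = 0
    for _ in range(servers):
        size, tc = server_reply(required, optional, edns_udp_size)
        if size <= path_limit:
            return Outcome(timeouts, tc, tcp_retry=tc)
        timeouts += 1          # oversized reply never arrives
    _, tc = server_reply(required, optional, FALLBACK)
    return Outcome(timeouts, tc, tcp_retry=tc)

if __name__ == "__main__":
    # Constructed sample: 1200 required + 800 optional bytes, 1460-byte path.
    for size in (DEFAULT_EDNS, 1460):
        print(size, resolve(1200, 800, path_limit=1460, edns_udp_size=size))
```
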

