On Wednesday, 25 March 2020 07:41:51 UTC Petr Špaček wrote:
> Hello DNS operators!
>
> ...
>
> Are you a DNS vendor, operator, firewall vendor or service provider and want
> to improve on DNS resilience?

yes.

> Then read our guidelines on "Message Size Considerations" for EDNS [3] to
> reduce or even avoid fragmentation of the DNS and please allow DNS over
> TCP!
>
> [3] https://dnsflagday.net/2020/#message-size-considerations

from [3]:

"An EDNS buffer size of 1232 bytes will avoid fragmentation on nearly all current networks. This is based on an MTU of 1280, which is required by the IPv6 specification, minus 48 bytes for the IPv6 and UDP headers."

many of us are successfully using 1400 or larger. the MTU value of 1280 that this calculation is based on, was arbitrarily chosen in the IPv6 specification, and no real network operates with this limit. the 48 byte subtrahend was arbitrarily chosen without leaving room for IP6 options. this never matters for TCP because TCP knows the size of the IP6 options that will be used. this in turn never matters because the internet's effective MTU is ~1500.

a less-arbitrary value would be better. those of us using 1400 do so because we want to leave room for IP6 options as well as tunnel overhead.

please reconsider the further use of the number 1280, which was made deliberately small because of the unrealistic expectation that all IP6 flows would be governed by PMTUD. no real network today operates with this MTU size.

--
Paul
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
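
The size budget discussed in this thread, as an added example that is not part of the original message or of any DNS software: it computes how much room a given EDNS buffer size leaves for IPv6 options and tunnel overhead, and shows where that size is carried on the wire (the CLASS field of the OPT record, RFC 6891). All function names are hypothetical; the query name and transaction ID are constructed sample values.

```python
import struct

IPV6_HEADER = 40  # fixed IPv6 header, bytes
UDP_HEADER = 8    # UDP header, bytes

def max_dns_payload(path_mtu, ext_headers=0, tunnel_overhead=0):
    """Largest DNS message that fits in one unfragmented IPv6/UDP packet."""
    return path_mtu - tunnel_overhead - IPV6_HEADER - ext_headers - UDP_HEADER

def headroom(bufsize, path_mtu):
    """Bytes left over for IPv6 options and tunnel encapsulation."""
    return max_dns_payload(path_mtu) - bufsize

def build_query(qname, bufsize, qtype=1, txid=0x1234):
    """DNS query with an EDNS0 OPT record advertising `bufsize`."""
    # Flags 0x0100 = RD; one question, one additional record (the OPT RR).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLEN 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def skip_name(wire, pos):
    """Return the offset just past the domain name starting at `pos`."""
    while True:
        n = wire[pos]
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += 1
        if n == 0:            # root label ends the name
            return pos
        pos += n

def advertised_bufsize(wire):
    """EDNS buffer size advertised in a DNS message, or None without OPT."""
    qd, an, ns, ar = struct.unpack("!HHHH", wire[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(wire, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(wire, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", wire[pos:pos + 10])
        if rtype == 41:
            return rclass
        pos += 10 + rdlen
    return None
```

With a 1280-byte MTU the 1232 figure leaves zero bytes of headroom; with a 1500-byte MTU a 1400-byte buffer leaves 52 bytes for options or encapsulation.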
