One important consideration: The Internet decreed a long time ago that 
fragments don't work for IPv4, and REALLY don't work for IPv6: the number of 
systems that drop fragments for V6 is off the chart.

For DNS, this means you get silent failures when the reply is bigger than the 
network's MTU when you use EDNS0/UDP.


This is why I have long argued for the following:

On a timeout, reduce the EDNS0 MTU to produce 1280B packets (which really do 
work effectively everywhere).  If the resulting query now succeeds with a reply 
and sets TC (truncation), this suggests a fragmentation problem in the path to 
that particular server.

Now all subsequent requests to that server (at least for the next 
reasonable-timeout-period like a day) should have the smaller EDNS0 MTU.

If the paths to multiple servers experience the same failure, reduce the EDNS0 
MTU on a global basis.

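The fallback policy proposed in the message above, sketched as an added C example (not code from the post or from dnsmasq). The function names, the 4096-byte default, the 1232-byte payload (1280 minus IPv6 and UDP headers) and the two-server threshold for going global are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define EDNS_DEFAULT   4096   /* assumed normal advertised UDP payload size */
#define EDNS_SAFE      1232   /* assumed: 1280B IPv6 packet - 40B IPv6 - 8B UDP headers */
#define HOLD_SECONDS   86400  /* the "like a day" period from the post */
#define GLOBAL_TRIGGER 2      /* assumed threshold for "multiple servers" */
#define MAX_SERVERS    8
enum outcome { REPLY_OK, REPLY_TC, TIMEOUT };
static struct server { char addr[46]; time_t small_until; int retrying; } servers[MAX_SERVERS];
static int nservers;
static time_t global_small_until;

static struct server *lookup(const char *addr) {
    for (int i = 0; i < nservers; i++)
        if (strcmp(servers[i].addr, addr) == 0) return &servers[i];
    if (nservers == MAX_SERVERS) return NULL;          /* table full: untracked */
    snprintf(servers[nservers].addr, sizeof servers[0].addr, "%s", addr);
    return &servers[nservers++];
}

/* EDNS0 UDP payload size to advertise in the next query to addr. */
int edns_size(const char *addr, time_t now) {
    struct server *s = lookup(addr);
    if (now < global_small_until || (s && (s->retrying || now < s->small_until)))
        return EDNS_SAFE;
    return EDNS_DEFAULT;
}

/* Record the outcome of a query that was sent with edns_size(addr, now). */
void report(const char *addr, enum outcome o, time_t now) {
    struct server *s = lookup(addr);
    if (!s) return;
    if (o == TIMEOUT) {                  /* only a timeout at full size starts a probe */
        if (edns_size(addr, now) == EDNS_DEFAULT) s->retrying = 1;
        return;
    }
    if (s->retrying && o == REPLY_TC) {  /* small retry answered with TC: suspect path */
        int affected = 0;
        s->small_until = now + HOLD_SECONDS;
        for (int i = 0; i < nservers; i++) affected += now < servers[i].small_until;
        if (affected >= GLOBAL_TRIGGER) global_small_until = now + HOLD_SECONDS;
    }
    s->retrying = 0;                     /* any reply ends the probe */
}

int main(void) {
    report("192.0.2.1", TIMEOUT, 1000);  /* constructed sample event */
    printf("%d\n", edns_size("192.0.2.1", 1001));
}
```

A small-size retry that returns a complete answer without TC is treated as ordinary packet loss, so the server goes back to the default size.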

_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss