Hi Philipp,

On 13 Aug 2025, at 22:49, Philipp S. Tiesel <[email protected]> wrote:

> I certainly agree that we should not block ourselves from better transport in
> the future, therefore it is important that
> the following SHOULDs are SHOULDs and definitely no MUSTs:
>
> DNS servers SHOULD NOT rely on path MTU discovery or PLPMTUD
> (RFC4821/RFC8899) but
> SHOULD use IPV6_USE_MIN_MTU=1 from RFC 3542 to avoid the need to do path MTU
> discovery.

RFC 4821 and RFC 8899 rely on either session state existing between the sender and receiver, or the opportunity to send probe packets, or both. How is this applicable to the stateless transmission of a DNS response over IPv6 and UDP?

I am not aware of a mechanism that would allow a DNS response that requires fragmentation somewhere on the path away from the sender ever to be received. Unless such a mechanism exists, I don't see why SHOULD NOT is the right answer here -- it seems clear that it's a MUST NOT. If a plausible mechanism is developed in the future, the restriction could be relaxed for those who choose to implement it.

Perhaps the problem here is that the prescription above is too general, and that different transports have different characteristics.

For UDP over IPv6: MUST NOT rely on pMTUd, MUST use RFC 3542

For UDP over IPv4: SHOULD NOT rely on pMTUd, seems reasonable, fragmentation at least works even if it has undesirable characteristics

For stateful transports like TCP, DoT, DoH, DoQ: I think pMTUd is probably fine, especially for long-held sessions over which many messages are exchanged where the cost of fragmentation can be amortised over the lifetime of the session.

Joe
