[Dnssec-deployment] EDNS0 follow up - Re: ... TLD DNSKEY responses
Ed.Lewis at neustar.biz
Tue May 8 09:09:30 EDT 2012
At 18:09 +0200 4/27/12, Roland van Rijswijk wrote:
>That is one of the questions we are trying to answer. For many hosts
>with problems, these go away when we throttle back the response size to
>within minimum IPv6 MTU (EDNS0 buffer at 1232 bytes). Unfortunately, this
>leaves us with a class of hosts that are either behind some seriously
>manky network equipment and have MTUs below that (on IPv4) and then there
>are hosts with even more screwed up firewall settings that assume that DNS
>is always 512 bytes payload or less (welcome back to the 1980s :( )

I was hoping for a wider discussion (hence not replying sooner).

I have a question for the implementers tuned to this list: have you
given any thought to lowering the default EDNS0 buffer size since
these findings came out?

It's one thing to be capable of having it set to as high as 4096,
another thing to make the otherwise un-configured value be 1232 (as

And to anyone else - does anyone wonder why there aren't more
complaints about this issue? Or at least aren't more complaints
NeuStar You can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars!
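
Added example, not part of the original message or of any implementation discussed on the list: a Python sketch of where the EDNS0 buffer size from this thread lives on the wire. It builds a DNSKEY query whose OPT record advertises 1232 bytes and reads the advertised size back out of a message, falling back to 512 when no OPT record is present. The function names and the query ID are hypothetical.

```python
import struct

DO_BIT = 0x8000                  # "DNSSEC OK" flag, carried in the OPT TTL field
TYPE_OPT, TYPE_DNSKEY = 41, 48

def build_query(name, qtype=TYPE_DNSKEY, bufsize=1232, qid=0x1234):
    """Wire-format query with an EDNS0 OPT RR advertising `bufsize` bytes."""
    # Flags 0x0100 = RD set; one question, one additional record (the OPT RR).
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)           # class IN
    # OPT RR: root owner name, TYPE=41, CLASS=requester's UDP payload size,
    # TTL=extended rcode / version / flags, RDLEN=0 (no options).
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, DO_BIT, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + n

def advertised_bufsize(msg):
    """Return (bufsize, do_bit) from the OPT RR, or (512, False) without EDNS0."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            return rclass, bool(ttl & DO_BIT)
    return 512, False             # no OPT RR: the classic 512-byte limit applies

if __name__ == "__main__":
    query = build_query("se.")    # constructed sample query
    print(len(query), advertised_bufsize(query))
```
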