DNAME issues (was Re: ip6.int deprecation)

Iljitsch van Beijnum iljitsch at muada.com
Tue May 9 14:22:32 CEST 2006


On 9-mei-2006, at 13:55, Niall Murphy wrote:

>> The observant reader will note that on this UDP packet the DF bit  
>> is set. A slightly more observant reader will note that in IPv4,  
>> setting the DF bit on UDP packets guarantees breakage if the  
>> packet encounters a link with an MTU smaller than the packet's size.

> I believe 576 is the lowest MTU in IPv4, so I'm not sure what this  
> example is intended to demonstrate...

It's intended to demonstrate that even root server operators, who
have the most critical job in the entire internet, carelessly do
stupid things. To speak with Randy Bush: "just like us they're all
idiots". Which should teach us to:

1. Do the right thing. ALWAYS.
2. Don't expect anyone else to.

As for the 576 bytes:

1. From RFC 791:

     Every internet module must be able to forward a datagram of 68
     octets without further fragmentation.  This is because an internet
     header may be up to 60 octets, and the minimum fragment is 8
     octets.

     Every internet destination must be able to receive a datagram of
     576 octets either in one piece or in fragments to be reassembled.

2. RFC 1191 suggests that RFC 1144 advises a 296 byte MTU. This isn't  
stated in so many words but a 296 byte MTU is often suggested for  
slow links (yes, those still exist).

3. Packets can get larger along the way because of tunneling, VPNs etc.

4. RFC 2671 (EDNS0)

5. Looks like we'll have AAAA records for the roots in the foreseeable
future (although I can't find the link to the root server operators
meeting minutes right now) which will push the reply to the initial
query that a DNS resolver does beyond 512 bytes (= 540 bytes) and
almost certainly beyond 576 bytes too.

Regardless, setting DF on UDP is insane any which way you slice it.
(It's not the greatest idea ever in our current
way-too-heavily-filtered internet for TCP <= 1500 bytes either.)
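
The following is an added example, not part of the original message: it parses the DF bit from an IPv4 header and works out what a router does with a UDP reply on links with the MTUs discussed above (576, 296, 68). The addresses are documentation ranges and the 1200-byte payload is a constructed size standing in for a larger EDNS0 reply.

```python
import struct

DF = 0x4000  # "don't fragment" bit in the IPv4 flags/fragment-offset field

def ipv4_header(total_len, df, proto=17):
    """Constructed 20-byte IPv4 header (checksum left at 0; proto 17 = UDP)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                       DF if df else 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def hop_outcome(header, mtu):
    """Return (outcome, fragment_count) for one link with the given MTU."""
    ver_ihl, _, total_len, _, flags_frag, _, _ = struct.unpack(
        "!BBHHHBB", header[:10])
    ihl = (ver_ihl & 0x0F) * 4           # header length in octets
    if total_len <= mtu:
        return ("forwarded", 1)
    if flags_frag & DF:
        # Router discards the packet and returns ICMP
        # "fragmentation needed and DF set" (type 3, code 4).
        return ("dropped", 0)
    per_fragment = (mtu - ihl) // 8 * 8  # fragment data comes in 8-octet units
    data = total_len - ihl
    return ("fragmented", -(-data // per_fragment))  # ceiling division

DNS_512 = 20 + 8 + 512    # IP + UDP + 512-byte DNS payload = 540 bytes
LARGER = 20 + 8 + 1200    # constructed: a larger EDNS0-sized reply

def survey(sizes=(DNS_512, LARGER), mtus=(1500, 576, 296, 68)):
    """Map (size, df, mtu) to the per-hop outcome for every combination."""
    return {(size, df, mtu): hop_outcome(ipv4_header(size, df), mtu)
            for size in sizes for df in (True, False) for mtu in mtus}

if __name__ == "__main__":
    for (size, df, mtu), (outcome, n) in survey().items():
        print(f"len={size:5d} DF={int(df)} mtu={mtu:5d} -> {outcome} ({n})")
```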


More information about the ipv6-ops mailing list