DNAME issues (was Re: ip6.int deprecation)
Iljitsch van Beijnum
iljitsch at muada.com
Tue May 9 14:22:32 CEST 2006
On 9-mei-2006, at 13:55, Niall Murphy wrote:
>> The observant reader will note that on this UDP packet the DF bit
>> is set. A slightly more observant reader will note that in IPv4,
>> setting the DF bit on UDP packets guarantees breakage if the
>> packet encounters a link with an MTU smaller than the packet's size.
> I believe 576 is the lowest MTU in IPv4, so I'm not sure what this
> example is intended to demonstrate...
It's intended to demonstrate that even root server operators, who
have the most critical job in the entire internet, carelessly do
stupid things. To speak with Randy Bush: "just like us they're all
idiots". Which should teach us to:
1. Do the right thing. ALWAYS.
2. Don't expect anyone else to.
As for the 576 bytes:
1. From RFC 791:
Every internet module must be able to forward a datagram of 68
octets without further fragmentation. This is because an internet
header may be up to 60 octets, and the minimum fragment is 8
octets.
Every internet destination must be able to receive a datagram of
576 octets either in one piece or in fragments to be reassembled.
2. RFC 1191 suggests that RFC 1144 advises a 296 byte MTU. This isn't
stated in so many words but a 296 byte MTU is often suggested for
slow links (yes, those still exist).
3. Packets can get larger along the way because of tunneling, VPNs etc.
4. RFC 2671 (EDNS0)
5. Looks like we'll have AAAA records for the roots in the foreseeable
future (although I can't find the link to the root server operators
meeting minutes right now) which will push the reply to the initial
query that a DNS resolver does beyond 512 bytes (= 540 bytes) and
almost certainly beyond 576 bytes too.
Regardless, setting DF on UDP is insane any which way you slice it.
(It's not the greatest idea ever in our current way-too-heavily-
filtered internet for TCP <= 1500 bytes either.)
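
The breakage discussed above, as an added example that is not part of the original post: a sketch of the per-hop IPv4 forwarding decision for the 540-byte reply mentioned in the message (512 bytes of DNS plus 8 bytes of UDP and 20 bytes of IP header), with and without DF, over links with MTUs of 1500, 576 and 296 bytes. The addresses, ports and function names are constructed for illustration, and the header is assumed to carry no options.

```python
import struct

DF = 0x4000  # "Don't Fragment" bit in the IPv4 flags/fragment-offset field

def build_ipv4_udp(dns_len, df):
    """Constructed sample packet: 20-byte IPv4 header, 8-byte UDP header, zero-filled payload."""
    total = 20 + 8 + dns_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, DF if df else 0,
                     64, 17, 0, bytes([192, 0, 2, 53]), bytes([192, 0, 2, 1]))
    udp = struct.pack("!HHHH", 53, 40000, 8 + dns_len, 0)
    return ip + udp + bytes(dns_len)

def forward(packet, link_mtu):
    """Per-hop decision for an unfragmented IPv4 datagram: (action, fragment total lengths)."""
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if total_len <= link_mtu:
        return "forward", [total_len]
    if flags_frag & DF:
        # Router discards the datagram; RFC 792 defines ICMP type 3 code 4 for this case.
        return "drop", []
    per_frag = (link_mtu - ihl) // 8 * 8  # non-final fragments carry a multiple of 8 octets
    if per_frag <= 0:
        raise ValueError("link MTU too small to carry any data")
    sizes, remaining = [], total_len - ihl
    while remaining > 0:
        chunk = min(per_frag, remaining)
        sizes.append(ihl + chunk)
        remaining -= chunk
    return "fragment", sizes

if __name__ == "__main__":
    for df in (True, False):
        pkt = build_ipv4_udp(512, df)
        for mtu in (1500, 576, 296):
            print(f"DF={df} len={len(pkt)} mtu={mtu}:", forward(pkt, mtu))
```
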