On 2016-06-23 12:50, Jan Včelák wrote:
> Hi Anand,
>
>> If it were me, I would instead use the "max-udp-payload" option, set to
>> 1280, so that Knot emits responses with TC set. This may cause some
>> clients to retry over TCP. But one missing feature in Knot is that it
>> doesn't allow tuning of the EDNS payload separately for IPv4 and IPv6.
>> It might be useful to have "max-udp-payload-ipv4" and
>> "max-udp-payload-ipv6" options for setting this separately, because IPv4
>> and IPv6 behaviours are different.
>
> Thank you for the input! This sounds like a better solution than
> forcing the fragmentation. Based on the conclusions from Geoff's
> experiment... We will consider adding a separate option for IPv6.
Geoff Huston has continued his research [1] and his results look
disappointing. If I understand RFC 8085 section 3.2 correctly in the
context of DNS and IPv6, PMTUD and PLPMTUD do not work for DNS because
DNS uses only a single request and reply packet and any form of path MTU
discovery would make it lose its latency advantage over TCP. You could
think about path MTU discovery in a DNS resolver that caches the path
MTU for frequently queried servers though. Otherwise it seems best to
set max-ipv6-udp-payload to 1232 or an even lower value that accounts
for extension headers.
I think Jen Linkova's remark at the end of the talk about MPLS is right,
as the LER should already reject ICMPv6 PTB messages before it lets an IP
packet enter the MPLS network. So the remaining problems with IPv6
fragmentation are anycast and other forms of load balancing and
misconfigured firewalls and other middle boxes. Anycast and load
balancing are debatable concepts but RFC 7690 outlines some solutions to
the problem. And if you run an anycast network, you are used to such
problems. So the remaining problems are misconfigured firewalls and other
middle boxes. They should be dealt with like any misconfigured IPv6
equipment. I think we have made a lot of progress in this area as IPv6
deployment continues to expand. So I think there is a reasonable chance
that setting max-ipv6-udp-payload to a low value will not be necessary
in the future.
- Matthias-Christian
[1] https://ripe75.ripe.net/archives/video/181/
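The thread turns on two numbers and one client behaviour: the 1232-byte figure is the IPv6 minimum link MTU (1280) minus the fixed IPv6 and UDP headers (40 + 8), with every extension header byte lowering it further; a server that caps its UDP payload below the answer size replies with the TC bit set; and the client then re-asks over TCP. The following Python is an added illustration written for this archive page, not code from Knot DNS or from any poster in the thread. It computes the payload budget, builds a query that advertises it in an EDNS(0) OPT record (RFC 6891 wire format: root name, TYPE 41, the UDP payload size in the CLASS field), reads that size back out of a message (512 when no OPT record is present), and decides from a response header whether the client should retry over TCP. The query and the truncated response are constructed sample messages; `example.com` and the transaction id are placeholders.

```python
import struct

# Sizes discussed in the thread: IPv6 minimum link MTU and the fixed IPv6/UDP headers.
IPV6_MIN_MTU = 1280
IPV6_HEADER_LEN = 40
UDP_HEADER_LEN = 8
TYPE_OPT = 41          # EDNS(0) OPT pseudo-RR type (RFC 6891)
FLAG_QR = 0x8000       # header flag: message is a response
FLAG_TC = 0x0200       # header flag: response was truncated


def ipv6_udp_payload_budget(extension_header_bytes=0, mtu=IPV6_MIN_MTU):
    """UDP payload that still fits one unfragmented IPv6 packet of size `mtu`.

    With no extension headers and the 1280-byte minimum MTU this is 1232;
    each extension header byte on the path lowers it by one.
    """
    return mtu - IPV6_HEADER_LEN - UDP_HEADER_LEN - extension_header_bytes


def encode_name(name):
    """Encode a dotted name in uncompressed DNS wire format."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, qtype=1, udp_payload=1232, txid=0x1234):
    """Build a DNS query advertising `udp_payload` in an EDNS(0) OPT record."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, TTL=0, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)
    return header + question + opt


def skip_name(msg, off):
    """Return the offset just past the name starting at `off` (handles compression pointers)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, and the name ends here
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def advertised_udp_payload(msg):
    """EDNS(0) UDP payload size carried in `msg`, or 512 when there is no OPT record."""
    _, _, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount + nscount + arcount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return 512


def should_retry_over_tcp(response):
    """True when the header marks a response as truncated: the client re-asks over TCP."""
    _, flags = struct.unpack("!HH", response[:4])
    return bool(flags & FLAG_QR) and bool(flags & FLAG_TC)


# Constructed sample: the header a server sends when the full answer would exceed the
# advertised UDP payload (QR and TC set, question echoed, no answer records).
TRUNCATED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_TC, 1, 0, 0, 0)
    + encode_name("example.com")
    + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    budget = ipv6_udp_payload_budget()
    query = build_query("example.com", udp_payload=budget)
    print("IPv6 payload budget:", budget)
    print("advertised in query:", advertised_udp_payload(query))
    print("retry over TCP:", should_retry_over_tcp(TRUNCATED_RESPONSE))
```

Reading the two sides together shows why the thread prefers a low advertised size over forced fragmentation: a resolver that advertises 1232 on IPv6 never depends on fragments or on ICMPv6 Packet Too Big messages reaching it, and the only cost is the TCP round trip for the minority of answers that do not fit.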