[nsd-users] nsd 3.2.9 released
matthijs at NLnetLabs.nl
Mon Nov 28 09:09:20 UTC 2011
On 11/24/2011 11:35 AM, Shane Kerr wrote:
> On Wed, 2011-11-23 at 11:17 +0100, Matthijs Mekking wrote:
>> - Minimize responses to reduce truncation: NSD will only add optional
>> records to the authority and additional sections when the response
>> size does not exceed the minimal response size.
>> The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
>> 1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is
>> smaller than the EDNS default.
> I'm curious why you choose to ignore the EDNS buffer size when it is
> advertised (unless smaller than 1480/1220).
We want to prevent fragmentation as much as possible. Optional
information should not be able to cause fragmentation.
> I see that NSD already uses the minimum MTU when possible on the system.
> In principle this means that UDP packets should be fragmented by the
> kernel, so should already be sending IP packets that make it across the
> network without many problems.
Still, IP packets fragmented by the kernel may still cause problems
across the network. One example is that a box is not considering one
fragment as a DNS packet and it may drop the packet.
> Do you have any data on how much of a problem this causes and avoids in
> some production networks?
We know of few issues caused by fragmentation by the kernel, that is why
we want to prevent it as much as possible.
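The policy discussed in this message, as an added example that is not part of the original post and is not NSD's source code: optional records are added only while the response stays within the minimal response size, while required data may still go up to the advertised size. The names minimal_response_size, build_reply and struct reply are hypothetical, and the hard cap (512 without EDNS, otherwise the advertised buffer size) and the in-order, whole-record-set filling are assumptions of this simplified model.

```c
#include <stddef.h>
#include <stdio.h>

/* Sizes quoted in the release note above. */
#define NO_EDNS_SIZE   512
#define EDNS_IPV4_SIZE 1480
#define EDNS_IPV6_SIZE 1220

struct reply { size_t size; int optional_added; int truncated; };

/* Limit that optional records may not push the response past. */
size_t minimal_response_size(int has_edns, int is_ipv6, size_t advertised)
{
    size_t def;
    if (!has_edns)
        return NO_EDNS_SIZE;
    def = is_ipv6 ? EDNS_IPV6_SIZE : EDNS_IPV4_SIZE;
    return advertised < def ? advertised : def;
}

/* Simplified model: sizes in bytes, record sets added whole and in order. */
struct reply build_reply(size_t mandatory, const size_t *optional, int n,
                         int has_edns, int is_ipv6, size_t advertised)
{
    struct reply r = { mandatory, 0, 0 };
    size_t soft = minimal_response_size(has_edns, is_ipv6, advertised);
    size_t hard = has_edns ? advertised : NO_EDNS_SIZE; /* assumed hard cap */
    int i;

    if (mandatory > hard) {      /* required data does not fit: set TC */
        r.truncated = 1;
        return r;
    }
    for (i = 0; i < n && r.size + optional[i] <= soft; i++) {
        r.size += optional[i];   /* optional data only while under soft limit */
        r.optional_added++;
    }
    return r;
}

int main(void)
{
    const size_t opt[] = { 400, 300, 200 };  /* constructed sample sizes */
    struct reply r = build_reply(900, opt, 3, 1, 0, 4096);
    printf("size=%zu optional=%d tc=%d\n", r.size, r.optional_added, r.truncated);
    r = build_reply(2000, opt, 3, 1, 0, 4096);
    printf("size=%zu optional=%d tc=%d\n", r.size, r.optional_added, r.truncated);
    return 0;
}
```

The second call in main shows the case the thread turns on: required data larger than 1480 bytes is still sent to a client advertising 4096, but no optional record is added on top of it.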