[nsd-users] nsd 3.2.9 released

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Nov 28 09:09:20 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Shane,

On 11/24/2011 11:35 AM, Shane Kerr wrote:
> Matthijs,
> 
> On Wed, 2011-11-23 at 11:17 +0100, Matthijs Mekking wrote:
>> - Minimize responses to reduce truncation: NSD will only add optional
>>   records to the authority and additional sections when the response
>>   size does not exceed the minimal response size.
>>
>>   The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
>>   1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is
>>   smaller than the EDNS default.
> 
> I'm curious why you choose to ignore the EDNS buffer size when it is
> advertised (unless smaller than 1480/1220).

We want to prevent fragmentation as much as possible. Optional
information should not be able to cause fragmentation.

> I see that NSD already uses the minimum MTU when possible on the system.
> In principle this means that UDP packets should be fragmented by the
> kernel, so should already be sending IP packets that make it across the
> network without many problems.

Still, IP packets fragmented by the kernel may still cause problems
across the network. One example is that a box is not considering one
fragment as a DNS packet and it may be drop the packet.

> Do you have any data on how much of a problem this causes and avoids in
> some production networks?

We know of few issues caused by fragmentation by the kernel, that is why
we want to prevent it as much as possible.

Best regards,
  Matthijs

> --
> Shane
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJO00/AAAoJEA8yVCPsQCW5ntEH/iuybbi13gRSisD4dhvojP9b
FZ//lrEL7u/WgcRFlRc1FWePXYS5ykXuc8aTyRDwPL8XYDT2my+BNb3pUjZd4bpI
WHlD28BYH++O+VW0WwObVhr+3OZhmOsVeVdwxPifpEuUBd4nmp90HCN4Y8tqGZbU
xzsXN6NgYJuTrYL3GnP8gima2tVt35fTDGEjEuq6VyCgwbqLjgzxEkP97oBnD/Fu
4YYeg66l/WtYC65L0vqQiGXXsKfcLrFCoZogPmBUgKUIxHphv0Ypksn6XuxPRrhV
5qOx+5SnU/MRZI7V8/7HgfaYkKKB7L03orpDga1JtQTLj/KIbjJmHdYGs67IhN8=
=vUDn
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list