[nsd-users] nsd 3.2.9 released
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Nov 28 09:09:20 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Shane,
On 11/24/2011 11:35 AM, Shane Kerr wrote:
> Matthijs,
>
> On Wed, 2011-11-23 at 11:17 +0100, Matthijs Mekking wrote:
>> - Minimize responses to reduce truncation: NSD will only add optional
>> records to the authority and additional sections when the response
>> size does not exceed the minimal response size.
>>
>> The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
>> 1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is
>> smaller than the EDNS default.
>
> I'm curious why you choose to ignore the EDNS buffer size when it is
> advertised (unless smaller than 1480/1220).
We want to prevent fragmentation as much as possible. Optional
information should not be able to cause fragmentation.
> I see that NSD already uses the minimum MTU when possible on the system.
> In principle this means that UDP packets should be fragmented by the
> kernel, so should already be sending IP packets that make it across the
> network without many problems.
Still, IP packets fragmented by the kernel may still cause problems
across the network. One example is that a box is not considering one
fragment as a DNS packet and it may be drop the packet.
> Do you have any data on how much of a problem this causes and avoids in
> some production networks?
We know of few issues caused by fragmentation by the kernel, that is why
we want to prevent it as much as possible.
Best regards,
Matthijs
> --
> Shane
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJO00/AAAoJEA8yVCPsQCW5ntEH/iuybbi13gRSisD4dhvojP9b
FZ//lrEL7u/WgcRFlRc1FWePXYS5ykXuc8aTyRDwPL8XYDT2my+BNb3pUjZd4bpI
WHlD28BYH++O+VW0WwObVhr+3OZhmOsVeVdwxPifpEuUBd4nmp90HCN4Y8tqGZbU
xzsXN6NgYJuTrYL3GnP8gima2tVt35fTDGEjEuq6VyCgwbqLjgzxEkP97oBnD/Fu
4YYeg66l/WtYC65L0vqQiGXXsKfcLrFCoZogPmBUgKUIxHphv0Ypksn6XuxPRrhV
5qOx+5SnU/MRZI7V8/7HgfaYkKKB7L03orpDga1JtQTLj/KIbjJmHdYGs67IhN8=
=vUDn
-----END PGP SIGNATURE-----
More information about the nsd-users
mailing list