Hi all,

Speaking as one of the DNS implementers and as part of providing feedback on the current draft revision, we have reformulated recommendation R2. It expresses the intention not to fragment UDP packets and points out that different operating systems have different ways of achieving this.

The current concern of open-source software DNS developers with Linux is that IP_MTU_DISCOVER is not well documented, it has changed over time, one has to look into the kernel code to see what is really going on, and it is fragile.

New text for R2:

-----

R2. UDP responders should configure their systems to prevent fragmentation of UDP packets when sending replies, provided it can be done safely. The mechanisms to achieve this vary across different operating systems.

For BSD-like operating systems, the IP "Don't Fragment flag (DF) bit" [RFC0791] can be used to prevent fragmentation. In contrast, Linux systems do not expose a direct API for this purpose and require the use of Path MTU socket options (IP_MTU_DISCOVER) to manage fragmentation settings. However, it is important to note that enabling IPv4 Path MTU Discovery for UDP in current Linux versions is considered harmful and dangerous. For more details, refer to Appendix C.

-----


On 06/05/2024 15:59, Petr Špaček wrote:
Hello dnsop,

Warren asked implementers to provide feedback on the current text, so I'm doing just that.

I'm not an apt copywriter but hopefully the following notes will provide material for other people to formulate commentary to supplement the recommendations.



<snip/><snap/>

Cheers,

-- Benno

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
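
The two mechanisms the proposed R2 text contrasts, shown side by side as an added example that is not part of the original message or of the draft. The function names are hypothetical, and the choice of IP_PMTUDISC_PROBE on Linux (documented in ip(7) as "set DF but ignore Path MTU") is this example's assumption, not a recommendation taken from the draft or its Appendix C.

```c
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ask the kernel never to fragment IPv4 datagrams sent on fd.
 * Returns 0 on success, -1 on error or when no mechanism is known. */
int udp_set_dont_fragment(int fd)
{
#if defined(__linux__)
    /* Assumption of this example: PROBE sets DF but ignores the path MTU,
     * unlike IP_PMTUDISC_DO, which sets DF and enables Path MTU Discovery. */
    int mode = IP_PMTUDISC_PROBE;
    return setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof(mode));
#elif defined(IP_DONTFRAG)
    int on = 1; /* BSD-like systems: direct control of the DF bit */
    return setsockopt(fd, IPPROTO_IP, IP_DONTFRAG, &on, sizeof(on));
#else
    (void)fd;
    return -1;
#endif
}

/* Read the setting back: 1 = DF always set, 0 = may fragment, -1 = error. */
int udp_never_fragments(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);
#if defined(__linux__)
    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &val, &len) != 0)
        return -1;
    return val == IP_PMTUDISC_DO || val == IP_PMTUDISC_PROBE;
#elif defined(IP_DONTFRAG)
    if (getsockopt(fd, IPPROTO_IP, IP_DONTFRAG, &val, &len) != 0)
        return -1;
    return val != 0;
#else
    (void)fd; (void)len; (void)val;
    return -1;
#endif
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || udp_set_dont_fragment(fd) != 0)
        return 1;
    int ok = udp_never_fragments(fd);
    close(fd);
    return ok == 1 ? 0 : 1;
}
```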