Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-27 Thread Kazunori Fujiwara
Abley-san, thanks very much for your comments. > From: Joe Abley > Fujiwara-san, > > On Sep 22, 2022, at 11:05, Kazunori Fujiwara wrote: > >> Thanks. "Path MTU Discovery" API and setting IP_DF API are complex and >> they often don't work as expected. >> >> However, it may be easy to avoid usin

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-22 Thread Brian Dickson
On Thu, Sep 22, 2022 at 2:05 AM Kazunori Fujiwara wrote: > > From: Petr Špaček > >> Then, do you agree the following requirements? (as DNS software > >> developers) > >> 1. SHOULD set DF bit on outgoing UDP packets on IPv4, > >> and SHOULD not use FRAGMENT header on IPv6. > > > > Theoretic

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-22 Thread Joe Abley
Fujiwara-san, On Sep 22, 2022, at 11:05, Kazunori Fujiwara wrote: > Thanks. "Path MTU Discovery" API and setting IP_DF API are complex and > they often don't work as expected. > > However, it may be easy to avoid using the Fragment Header on IPv6. > (limit IPv6 response packet smaller than inter

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-22 Thread Kazunori Fujiwara
> From: Petr Špaček >> Then, do you agree the following requirements? (as DNS software >> developers) >> 1. SHOULD set DF bit on outgoing UDP packets on IPv4, >> and SHOULD not use FRAGMENT header on IPv6. > > Theoretically yes, but it might not be achievable depending on OS > API. We tried

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-15 Thread Petr Špaček
On 14. 09. 22 16:56, Kazunori Fujiwara wrote: From: Petr Špaček On 15. 08. 22 12:18, Kazunori Fujiwara wrote: I assume section 3.2 means the EDNS bufsize in the request when it says "their payload size", but I am not sure. The text could be clearer on that. * UDP requestors MAY probe t

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-14 Thread paul@redbarn.org
1232 is an arbitrary sized based on a multi generational misunderstanding. We should not repeat it or promote it. p vixie On Sep 14, 2022 15:56, Kazunori Fujiwara wrote: > From: Petr Špaček > On 15. 08. 22 12:18, Kazunori Fujiwara wrote: >> >>> I assume section 3.2 means the EDNS bufs

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-14 Thread Kazunori Fujiwara
> From: Petr Špaček > On 15. 08. 22 12:18, Kazunori Fujiwara wrote: >> >>> I assume section 3.2 means the EDNS bufsize in the request when it >>> says >>> "their payload size", but I am not sure. The text could be clearer on >>> that. >>> * UDP requestors MAY probe to discover the real M

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-09-14 Thread Petr Špaček
On 15. 08. 22 12:18, Kazunori Fujiwara wrote: I assume section 3.2 means the EDNS bufsize in the request when it says "their payload size", but I am not sure. The text could be clearer on that. * UDP requestors MAY probe to discover the real MTU value per destination. How? For exa

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-17 Thread Petr Špaček
On 17. 08. 22 17:09, Daisuke HIGASHI wrote: Peter van Dijk >: Thank you for reviewing my implementation. Note that the function called "probe_pmtu" does not really probe. At best, it finds some data the kernel cached recently. At worst (i.e. usua

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-17 Thread Daisuke HIGASHI
Peter van Dijk : > Thank you for reviewing my implementation. Note that the function called "probe_pmtu" does not really probe. At > best, it finds some data the kernel cached recently. At worst (i.e. > usually), it tells you the MTU of your local networking interface. That's correct. > > > -

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-16 Thread Kazunori Fujiwara
> From: "Andrew McConachie" >> Path MTU discovery remains widely undeployed due to >>security issues, and IP fragmentation has exposed weaknesses in >>application protocols. > > PMTUD doesn’t work through NAT and that’s probably the main reason > why it doesn’t work on the Internet. I thi

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-15 Thread Peter van Dijk
On Sat, 2022-08-13 at 21:49 +0900, Daisuke HIGASHI wrote: > I wrote an experimental "avoid-fragmentation" patch for NSD (as per > section 3.1 and Appendix C). Due to dependency on getsockopt(IP_MTU), > currently it should work on Linux only. > > https://github.com/hdais/nsd-avoid-fragmentation#avo

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-15 Thread Kazunori Fujiwara
> From: Peter van Dijk > Avoiding fragmentation is good. Putting that in a document is also good. > But this document is not ready for publication. It also most definitely > does not describe Best Current Practice; it also does not prescribe a > Best Current Practice I can agree with or even reall

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-13 Thread Daisuke HIGASHI
I wrote an experimental "avoid-fragmentation" patch for NSD (as per section 3.1 and Appendix C). Due to dependency on getsockopt(IP_MTU), currently it should work on Linux only. https://github.com/hdais/nsd-avoid-fragmentation#avoid-fragmentation-implementation-for-nsd https://github.com/hdais/nsd

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-05 Thread Paul Vixie
Brian Dickson wrote on 2022-07-31 13:46 On Sun, Jul 31, 2022 at 11:54 AM Paul Vixie wrote: https://datatracker.ietf.org/wg/plpmtud/about/ (I would note that the above wg is "status: closed".) don't we all just love it when something reaches successful conclusion? i suggest furthe

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-05 Thread Paul Vixie
see inline. Andrew McConachie wrote on 2022-08-04 06:32: On 31 Jul 2022, at 20:53, Paul Vixie wrote: https://datatracker.ietf.org/wg/plpmtud/about/ i suggest further reading and perhaps reconsideration. we've got to break out of the MTU 1500 jail some day or the internet will end in head

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-04 Thread Mukund Sivaraman
On Thu, Aug 04, 2022 at 03:49:48PM +0200, Joe Abley wrote: > Hi Andrew, > > On Aug 4, 2022, at 15:33, Andrew McConachie wrote: > > > I apologize for derailing this conversation by bringing up NAT. My point > > was that the document makes a claim that PMTUD ‘remains widely undeployed > > due to

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-04 Thread Joe Abley
Hi Andrew, On Aug 4, 2022, at 15:33, Andrew McConachie wrote: > I apologize for derailing this conversation by bringing up NAT. My point was > that the document makes a claim that PMTUD ‘remains widely undeployed due to > security issues’. Yet it makes no reference to anything that might back

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-08-04 Thread Andrew McConachie
On 31 Jul 2022, at 20:53, Paul Vixie wrote: Andrew McConachie wrote on 2022-07-28 03:24: Path MTU discovery remains widely undeployed due to security issues, and IP fragmentation has exposed weaknesses in application protocols. PMTUD doesn’t work through NAT and that’s probably the ma

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-31 Thread Brian Dickson
On Sun, Jul 31, 2022 at 11:54 AM Paul Vixie wrote: > > > Andrew McConachie wrote on 2022-07-28 03:24: > >> Path MTU discovery remains widely undeployed due to > >>security issues, and IP fragmentation has exposed weaknesses in > >>application protocols. > > > > PMTUD doesn’t work through

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-31 Thread Paul Vixie
Andrew McConachie wrote on 2022-07-28 03:24: Path MTU discovery remains widely undeployed due to security issues, and IP fragmentation has exposed weaknesses in application protocols. PMTUD doesn’t work through NAT and that’s probably the main reason why it doesn’t work on the Internet

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-29 Thread Peter van Dijk
Hello, On Tue, 2022-07-26 at 21:13 +, Suzanne Woolf wrote: > Dear colleagues, > > > This message starts the Working Group Last Call for > draft-ietf-dnsop-avoid-fragmentation > (https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/). The > requested status is BCP. > > Si

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-29 Thread Joe Abley
Hi Andrew, On Jul 29, 2022, at 11:14, Andrew McConachie wrote: > We don’t need a useful standard for NAT to recognize that most > implementations break PMTUD, and that those implementations of NAT are > deployed enough to make PMTUD significantly broken. I was really just suggesting that some

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-29 Thread Andrew McConachie
On 28 Jul 2022, at 13:19, Joe Abley wrote: On Jul 28, 2022, at 12:24, Andrew McConachie wrote: PMTUD doesn’t work through NAT That's a very definitive statement considering that there's no useful standard for NAT. If there's actual research on this to demonstrate that, pragmatically s

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-28 Thread Petr Špaček
On 26. 07. 22 23:13, Suzanne Woolf wrote: Dear colleagues, This message starts the Working Group Last Call for draft-ietf-dnsop-avoid-fragmentation (https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/). The requested status is BCP. Since we're starting the Last Call durin

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-28 Thread Joe Abley
On Jul 28, 2022, at 12:24, Andrew McConachie wrote: > PMTUD doesn’t work through NAT That's a very definitive statement considering that there's no useful standard for NAT. If there's actual research on this to demonstrate that, pragmatically speaking, no implementations use the payload of a

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

2022-07-28 Thread Andrew McConachie
Path MTU discovery remains widely undeployed due to security issues, and IP fragmentation has exposed weaknesses in application protocols. PMTUD doesn’t work through NAT and that’s probably the main reason why it doesn’t work on the Internet. I think that’s less of a security issue than