servers, was: Re: Smallest Transit MTU
In article [EMAIL PROTECTED] you write:
On 5-jan-05, at 17:39, Sabri Berisha wrote:
Are there any common examples of the DF bit being set on non-TCP
packets?
[...]
Here you go. A root-nameserver setting the DF-bit on its replies
On 10-jan-05, at 1:54, Stephen J. Wilcox wrote:
With a 296 byte MTU I don't get answers from
(a|b|h|j).root-servers.net, *.gtld-servers.net, tld2.ultradns.net and
some lesser-known ccTLD servers.
I thought 576 bytes was the minimum by way of largest initial packet
prior
to negotiating MSS must
I receive DNS responses 500 bytes every day (reported by PIX firewall). So
it is an issue, no matter wgat is recomended in RFC.
And you most probable have EDNS clients (nameservers) inside
your firewall making EDNS queries which return EDNS responses
that are bigger
On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews [EMAIL PROTECTED] wrote:
I receive DNS responses 500 bytes every day (reported by PIX firewall). So
it is an issue, no matter wgat is recomended in RFC.
The correct thing to do is to fix your firewall to handle the
EDNS
On 10-jan-05, at 12:26, Stephen J. Wilcox wrote:
Shifting topic a little.. any idea why DF is used anyway? I've never
understood what the purpose of not fragmenting is, and if DF didnt
exist we wouldnt experience the PMTU missing icmp issues
Good question. According to RFC 791:
If the Don't
Yes, it is correct.
It is a cisco pix, right? Maybe just replacing the thing with a 1U
openbsd box will work wonders.
A PIX firewall can handle EDNS fine. It just has to be told
what is the maximum EDNS size being advertised by the internal
clients. The defaults assume there is no
On 10-jan-05, at 17:15, Stephen J. Wilcox wrote:
Windows appears to always set DF, is there a reason why they did
that?
Of course I wanted to see this for myself. I used Quicktime to
generate
some UDP, but no DFs, either on Win98 or XP.
ah i was meaning tcp, afaik it sets DF on at least win2k
ah i was meaning tcp, afaik it sets DF on at least win2k
All OSes that I know of do this in order to do path MTU discovery. The
PMTUD RFC encourages implementers to detect changes in the path MTU as
fast as possible, which they took to mean set the DF bit on ALL
packets. Which is
On 5-jan-05, at 17:39, Sabri Berisha wrote:
Are there any common examples of the DF bit being set on non-TCP
packets?
[...]
Here you go. A root-nameserver setting the DF-bit on its replies :)
This is very bad.
With a 296 byte MTU I don't get answers from
(a|b|h|j).root-servers.net,
In article [EMAIL PROTECTED] you write:
On 5-jan-05, at 17:39, Sabri Berisha wrote:
Are there any common examples of the DF bit being set on non-TCP
packets?
[...]
Here you go. A root-nameserver setting the DF-bit on its replies :)
This is very bad.
With a 296 byte MTU I don't get
On 10-jan-05, at 0:08, Mark Andrews wrote:
Well DNS (not EDNS) is limited to 512 octets so you unless there
are real links (not ones artificially constrained to demonstrate
a issue) this should not be a issue in practice.
No, fortunately not. But it's still VERY wrong and
11 matches
Mail list logo
