[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7
Toke Høiland-Jørgensen
toke at toke.dk
Thu May 7 14:36:17 BST 2015
Simon Kelley <simon at thekelleys.org.uk> writes:
> But if they fragment, what size should they fragment to? I guess inthe
> absence of any information to the contrary, 1280 bytes.
Yes, I would think so. Also, the RFC has this to say about the size of
the packets pre-fragmentation:
A node must be able to accept a fragmented packet that, after
reassembly, is as large as 1500 octets. A node is permitted to
accept fragmented packets that reassemble to more than 1500 octets.
An upper-layer protocol or application that depends on IPv6
fragmentation to send packets larger than the MTU of a path should
not send packets larger than 1500 octets unless it has assurance that
the destination is capable of reassembling packets of that larger
size.
So I don't see much hope for that 1625 byte 'DNSKEY org' answer...
> I wonder if the Google public DNS is failing to do that, or if it is,
> and the path to me is dropping fragments?
No idea. I figure they probably do whatever Linux does?
-Toke
More information about the Dnsmasq-discuss
mailing list