[Dnsmasq-discuss] seeing www.ietf.org fail dnssec with dnsmasq rc7

Toke Høiland-Jørgensen toke at toke.dk
Thu May 7 14:36:17 BST 2015


Simon Kelley <simon at thekelleys.org.uk> writes:

> But if they fragment, what size should they fragment to? I guess in the
> absence of any information to the contrary, 1280 bytes.

Yes, I would think so. Also, the RFC has this to say about the size of
the packets pre-fragmentation:

   A node must be able to accept a fragmented packet that, after
   reassembly, is as large as 1500 octets.  A node is permitted to
   accept fragmented packets that reassemble to more than 1500 octets.
   An upper-layer protocol or application that depends on IPv6
   fragmentation to send packets larger than the MTU of a path should
   not send packets larger than 1500 octets unless it has assurance that
   the destination is capable of reassembling packets of that larger
   size.

So I don't see much hope for that 1625 byte 'DNSKEY org' answer...

> I wonder if the Google public DNS is failing to do that, or if it is,
> and the path to me is dropping fragments?

No idea. I figure they probably do whatever Linux does?

-Toke
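
The size arithmetic discussed in this message, as an added example that is not part of the original post: it lays out the IPv6 fragments for a UDP DNS reply at the 1280-byte fallback MTU and checks the reassembled size against the 1500-octet limit quoted above. It assumes the 1625-byte figure is the DNS message size and that there are no other extension headers; the function names are hypothetical.

```python
# Added example (not from the thread): IPv6 fragment layout for a UDP DNS reply.
IPV6_HDR = 40          # fixed IPv6 header
FRAG_HDR = 8           # IPv6 Fragment extension header
UDP_HDR = 8
MIN_MTU = 1280         # fallback fragment size discussed in the thread
MIN_REASSEMBLY = 1500  # size every node must be able to reassemble (RFC text quoted above)


def plan_fragments(dns_len, mtu=MIN_MTU):
    """Return [(offset, length), ...] covering the fragmentable part (UDP header + DNS)."""
    payload = UDP_HDR + dns_len
    if IPV6_HDR + payload <= mtu:
        return [(0, payload)]  # fits in one packet, no Fragment header needed
    # Every fragment except the last must carry a multiple of 8 octets.
    per_frag = (mtu - IPV6_HDR - FRAG_HDR) // 8 * 8
    frags, off = [], 0
    while off < payload:
        length = min(per_frag, payload - off)
        frags.append((off, length))
        off += length
    return frags


def assess(dns_len, mtu=MIN_MTU):
    """Summarise how a DNS reply of dns_len bytes travels over IPv6/UDP."""
    frags = plan_fragments(dns_len, mtu)
    extra = FRAG_HDR if len(frags) > 1 else 0
    reassembled = IPV6_HDR + UDP_HDR + dns_len
    return {
        "fragments": len(frags),
        "wire_sizes": [IPV6_HDR + extra + n for _, n in frags],
        "reassembled": reassembled,
        "reassembly_guaranteed": reassembled <= MIN_REASSEMBLY,
    }


def max_dns_without_fragmentation(mtu=MIN_MTU):
    return mtu - IPV6_HDR - UDP_HDR


def max_dns_with_guaranteed_reassembly():
    return MIN_REASSEMBLY - IPV6_HDR - UDP_HDR


if __name__ == "__main__":
    for size in (1232, 1452, 1625):  # 1625 is the 'DNSKEY org' answer from the thread
        print(size, assess(size))
```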


