Here is the answer from the dnsmasq author...

francis.dup...@fdupont.fr

PS: as dnsmasq is very common in "boxes" (ADSL or CATV modems, home gateways, wireless routers, etc.) I am very satisfied with this answer.

------- Forwarded Message

Replied: Thu, 24 Dec 2009 11:57:39 +0000
Replied: Simon Kelley <si...@thekelleys.org.uk>
Message-ID: <4b2fb743.5040...@thekelleys.org.uk>
Date: Mon, 21 Dec 2009 17:58:27 +0000
From: Simon Kelley <si...@thekelleys.org.uk>
To: Francis Dupont <francis.dup...@fdupont.fr>
Subject: Re: dnsmasq and DNSSEC
In-Reply-To: <200912210949.nbl9njhg084...@givry.fdupont.fr>

Francis Dupont wrote:
> As you know DNSSEC is coming (the root will be signed next year).
> The default edns-packet-max option is 1280, a conservative value
> from RFC 2671 (EDNS 0 specs). IMHO it should be raised to the usual
> maximum, 4096, in new distribs.
> Note:
> - the 1280 value should be large enough to avoid most truncation
>   issues, i.e. the 4096 is for margin/uncommon cases.
> - the real value is in the hands of the client on the "LAN side":
>   if some problems with fragmentation are expected, it can use
>   a moderate value for the announced UDP payload size.
>   The idea is dnsmasq should not limit the client rewriting this
>   value to something lower.
> - of course dnsmasq can be run with "-P 4096", i.e. with
>   an overwritten default.
>
> Thanks
>
> francis.dup...@fdupont.fr
>
> PS: I can open a discussion in a DNS IETF mailing list if you are not
> convinced by my argument. RFC 2671 can be clarified too.
>

Thanks for that. Doing some research, I found that this is covered in RFC 5625, which indeed recommends 4096. I've changed the default for the next release.

Checking through 5625, dnsmasq already does what is recommended in every other respect except one (it's allowed to change the query-ID in signed DNS packets). I've fixed that too.

Cheers,

Simon.

------- End of Forwarded Message

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
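The exchange above is about one field: the UDP payload size a client advertises in the EDNS0 OPT pseudo-RR, and how much of it a forwarder such as dnsmasq lets through to the upstream server. The script below is an added example written for this page; it is not code from dnsmasq or from either correspondent. It builds a constructed query with an OPT record, reads the advertised size back out of the wire format, models a forwarder that caps the advertised size at an edns-packet-max value (the assumption here is the behaviour described in the mail: a client value below the cap passes unchanged, a larger one is clamped), and shows why the cap matters for DNSSEC: a signed response larger than the advertised size cannot be delivered over UDP and forces a truncated (TC) reply and a TCP retry. The 1232-byte client value and the 2000-byte response length are constructed inputs, not measurements.

```python
import struct

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 2671 / RFC 6891)
CLASSIC_UDP_MAX = 512  # RFC 1035 limit for clients that send no OPT record


def encode_name(name):
    """Wire-encode a dotted domain name as length-prefixed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def build_query(qname, qtype=1, udp_payload=4096, txid=0x1234):
    """Constructed DNS query. udp_payload=None sends no OPT (plain RFC 1035 client)."""
    arcount = 0 if udp_payload is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD bit set
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)      # QTYPE, IN
    if udp_payload is not None:
        # OPT RR: root name, TYPE 41, CLASS field carries the UDP payload size,
        # TTL field carries ext-RCODE/version/flags (0x8000 = DO bit), empty RDATA.
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0x8000, 0)
    return msg


def find_opt(msg):
    """Return the offset of the OPT RR's fixed fields (after its name), or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        fixed = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[fixed:fixed + 10])
        if rtype == OPT_TYPE:
            return fixed
        off = fixed + 10 + rdlen
    return None


def advertised_size(msg):
    """UDP payload size the client advertised, or None when there is no OPT RR."""
    off = find_opt(msg)
    if off is None:
        return None
    return struct.unpack("!H", msg[off + 2:off + 4])[0]


def forward_with_cap(msg, edns_packet_max):
    """Model of the forwarder (assumed behaviour, modelled on dnsmasq -P / edns-packet-max):
    a client value at or below the cap is passed through untouched; a larger value is
    rewritten down to the cap before the query goes upstream."""
    off = find_opt(msg)
    if off is None:
        return msg
    size = struct.unpack("!H", msg[off + 2:off + 4])[0]
    if size <= edns_packet_max:
        return msg
    return msg[:off + 2] + struct.pack("!H", edns_packet_max) + msg[off + 4:]


def effective_udp_limit(msg):
    """Largest UDP response the upstream may send for this query."""
    size = advertised_size(msg)
    return CLASSIC_UDP_MAX if size is None else size


def needs_tcp_retry(response_len, query_msg):
    """True when a response of this size exceeds the advertised limit: the server
    must set TC and the client falls back to TCP (the DNSSEC cost of a low cap)."""
    return response_len > effective_udp_limit(query_msg)


if __name__ == "__main__":
    client_q = build_query("example.com.", udp_payload=4096)
    signed_response_len = 2000  # constructed: a DNSKEY/RRSIG answer larger than 1280
    for cap in (1280, 4096):
        upstream_q = forward_with_cap(client_q, cap)
        print("edns-packet-max=%d: upstream sees %d, TCP retry: %s"
              % (cap, advertised_size(upstream_q), needs_tcp_retry(signed_response_len, upstream_q)))
```

Running it shows the point of the thread: with the old 1280 default a 4096-byte client is clamped to 1280 and the 2000-byte signed answer is truncated, while with 4096 the client's own value is honoured and the answer fits. A client that picks a moderate value (say 1232 to avoid fragmentation) is never raised by the forwarder in this model, which is the property Francis asks for.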