Davey Song(宋林健) wrote:
Hi Paul, I know you suggest expose the problem and let the trouble maker feeling the pain themselves. But return to the specific issue, from APNIC's measurement the ASes in the path are dropping the fragments, rather than end ASes. From these ASes' view , it's your pain not theirs.
it's a question of first mover advantage. EDNS will never be fully deployed, because of the middleboxes built before 1999 who "know" what a UDP/53 datagram has to look like, and which disallow ADCOUNT>0 && QR=0.
we can, if we wish, continue to standardize one protocol, watch as the world deploys a different one, and still pretent that our effort was worthwhile. however, this would fit the technical definition of "insanity", and i urge that we avoid this course of action.
In another word, we are facing the fragmented and uncooperative Internet. What should we do ? It is very hard to coordinate all parts and networks. DNS is a field with lots of tussle.
we need a kernel option for various open source operating systems which causes all UDP to be fragmented at 512 octets of payload. for ipv4, so that we can hard-smash every middlebox which still prevents EDNS from being deployed, and for ipv6 also, so that we can hard-smash any middle or edge network who won't carry ipv6 extension headers.
and we need to turn this on everywhere. root, gtld, cctld, recursives, authoriatives, 8.8.8.8, opendns... Everywhere. with a press release to pre-announce the flag day.
if we're not going to stand up for the standards we write, then we should admit that nothing except tcp/80 will work, and avoid all else.
-- P Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop