Davey Song(宋林健) wrote:
Hi Paul,

I know you suggest exposing the problem and letting the trouble makers
feel the pain themselves. But returning to the specific issue, from
APNIC's measurement the ASes in the path are dropping the fragments,
rather than the end ASes. From these ASes' view, it's your pain, not
theirs.

it's a question of first mover advantage. EDNS will never be fully deployed, because of the middleboxes built before 1999 who "know" what a UDP/53 datagram has to look like, and which disallow ADCOUNT>0 && QR=0.

we can, if we wish, continue to standardize one protocol, watch as the world deploys a different one, and still pretend that our effort was worthwhile. however, this would fit the technical definition of "insanity", and i urge that we avoid this course of action.

In other words, we are facing the fragmented and uncooperative
Internet. What should we do? It is very hard to coordinate all parts
and networks. DNS is a field with lots of tussle.

we need a kernel option for various open source operating systems which causes all UDP to be fragmented at 512 octets of payload. for ipv4, so that we can hard-smash every middlebox which still prevents EDNS from being deployed, and for ipv6 also, so that we can hard-smash any middle or edge network who won't carry ipv6 extension headers.

and we need to turn this on everywhere. root, gtld, cctld, recursives, authoritatives, 8.8.8.8, opendns... Everywhere. with a press release to pre-announce the flag day.

if we're not going to stand up for the standards we write, then we should admit that nothing except tcp/80 will work, and avoid all else.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
