Mark Andrews wrote:
...
Just padding UDP responses to EDNS buffer size should be enough to
force fragmentation.  If you advertise a 4096 buffer you should be
able to accept such a response.

i don't want to waste the octets. a lot of links are still mobile. forcing source fragmentation for payloads longer than 512 will do.

We also need to bump the EDNS version number.  Going to EDNS(1)
will hit the firewalls that think EDNS(0) is the only EDNS version
they will ever see.

that would drag in version negotiation -- a lot of responders would say BADVERS which would lead, best case, to another round trip. but since the version negotiation code paths aren't tested, it may be worse.

BIND 9.11 is already adding a DNS COOKIE option to every request.
That is causing some firewalls to be fixed as well as some nameservers.
We haven't added additional workaround code for this.

nice. thanks for that.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
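
The version negotiation cost raised in the message above, as an added example that is not part of the original thread: it builds an EDNS(1) query and shows how a requester reads BADVERS and the responder's supported version out of the OPT record, following the RFC 6891 wire layout. The function names and the sample reply are constructed for illustration.

```python
import struct

OPT, BADVERS = 41, 16   # OPT RR type; extended RCODE "bad EDNS version" (RFC 6891)

def encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_message(qname, version, bufsize, qr=0, ext_rcode=0, msg_id=0x1234):
    """One question plus an OPT RR; used for both the query and the constructed reply."""
    header = struct.pack("!HHHHHH", msg_id, qr << 15, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP buffer size,
    # TTL = extended RCODE (8 bits) | version (8 bits) | flags (16 bits), no RDATA
    ttl = (ext_rcode << 24) | (version << 16)
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, bufsize, ttl, 0)

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_edns(msg):
    """Return the full 12-bit RCODE, EDNS version and buffer size, or None without OPT."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            rcode = ((ttl >> 24) << 4) | (flags & 0xF)
            return {"rcode": rcode, "version": (ttl >> 16) & 0xFF, "bufsize": rclass}
    return None

def retry_version(sent_version, response):
    """EDNS version to resend with after BADVERS, or None if no extra round trip is needed."""
    edns = parse_edns(response)
    if edns and edns["rcode"] == BADVERS and edns["version"] < sent_version:
        return edns["version"]    # responder reports the highest version it implements
    return None

# Constructed sample: an EDNS(1) query and the BADVERS reply of an EDNS(0)-only responder.
QUERY = build_message("example.com", version=1, bufsize=4096)
REPLY = build_message("example.com", version=0, bufsize=4096, qr=1, ext_rcode=1)
```
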
